Support / Sécurité / Annonces de sécurité / Mandriva Linux 2007.1 / MDVSA-2008:031

Nom du paquet: xdg-utils
Date: 2008-02-01
Advisory ID: MDVSA-2008:031
Affected versions: 2008.0 x86_64 , 2008.0 i586 , 2007.1 i586 , 2007.1 x86_64

Problem description

A vulnerability was found in xdg-open and xdg-email commands, which
allows remote attackers to execute arbitrary commands if the user is
tricked into trying to open a maliciously crafted URL.

The updated packages have been patched to prevent the issue.

Updated packages

2008.0 x86_64

 7e8c83cb1957521497ceff756a0ea79f  2008.0/x86_64/xdg-utils-1.0.2-3.1mdv2008.0.x86_64.rpm 
 e69a33c4cdead90fa44d021902722411  2008.0/SRPMS/xdg-utils-1.0.2-3.1mdv2008.0.src.rpm

2008.0 i586

 8ae9d8bf4d89f62326e06ed19d89642d  2008.0/i586/xdg-utils-1.0.2-3.1mdv2008.0.i586.rpm 
 e69a33c4cdead90fa44d021902722411  2008.0/SRPMS/xdg-utils-1.0.2-3.1mdv2008.0.src.rpm

2007.1 i586

 87a609bef7d4f1fa89f679f799ab894d  2007.1/i586/xdg-utils-1.0.1-3.1mdv2007.1.i586.rpm 
 91ece389fe517eb37340dab3fdb80b80  2007.1/SRPMS/xdg-utils-1.0.1-3.1mdv2007.1.src.rpm

2007.1 x86_64

 a5678edc7717df385ff063cd3dd8d1ed  2007.1/x86_64/xdg-utils-1.0.1-3.1mdv2007.1.x86_64.rpm 
 91ece389fe517eb37340dab3fdb80b80  2007.1/SRPMS/xdg-utils-1.0.1-3.1mdv2007.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0386