Slackware Advisory SSA:2009-033-01 Xdg-utils Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2009-033-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-033-01

Insight

New xdg-utils packages are available for Slackware 12.2 and -current to fix security issues. Applications that use /etc/mailcap could be tricked into running an arbitrary script through xdg-open, and a separate flaw in xdg-open could allow the execution of arbitrary commands embedded in untrusted input provided to xdg-open. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0068 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0386

Severity

Classification

CVE CVE-2008-0386, CVE-2009-0068

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Slackware Advisory SSA:2007-066-03 mozilla-firefox
Slackware Advisory SSA:2005-269-01 Mozilla/Firefox
Slackware Advisory SSA:2006-130-01 Apache httpd redux
Slackware Advisory SSA:2004-202-01 PHP
Slackware Advisory SSA:2005-310-04 apache

Slackware Advisory SSA:2009-033-01 xdg-utils

Take action and discover your vulnerabilities