Slackware Advisory SSA:2009-033-01 Xdg-utils Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2009-033-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-033-01

Insight

New xdg-utils packages are available for Slackware 12.2 and -current to fix security issues. Applications that use /etc/mailcap could be tricked into running an arbitrary script through xdg-open, and a separate flaw in xdg-open could allow the execution of arbitrary commands embedded in untrusted input provided to xdg-open. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0068 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0386

Severity

Classification

CVE CVE-2008-0386, CVE-2009-0068
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Slackware Advisory SSA:2007-066-01 gnupg
Slackware Advisory SSA:2005-310-05 PHP
Slackware Advisory SSA:2006-207-03 gimp
Slackware Advisory SSA:2006-257-03 firefox/thunderbird/seamonkey
Slackware Advisory SSA:2006-230-02 php

Slackware Advisory SSA:2009-033-01 xdg-utils

Take action and discover your vulnerabilities