[Technik] [SECURITY] [DSA 1228-1] New elinks packages fix
arbitrary shell command execution
Noèl Köthe
noel at debian.org
Thu Dec 7 17:51:54 CET 2006
Am Dienstag, den 05.12.2006, 20:50 +0100 schrieb Moritz Muehlenhoff:
> Debian Security Advisory DSA 1228-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> December 5th, 2006 http://www.debian.org/security/faq
>
> Package : elinks
> Vulnerability : insufficient escaping
> Problem-Type : remote
> Debian-specific: no
> CVE ID : CVE-2006-5925
> Debian Bug : 399188
elinks auf pima, pomo, yuma, cupa, h01, h02, h03 und h04 aktualisiert.
> For the stable distribution (sarge) this problem has been fixed in
> version 0.10.4-7.1.
changelog:
elinks (0.10.4-7.1) stable-security; urgency=high
* Backport patch from links to fix security bug in smb:// URI handling:
'"' and ';' characters could be used for remote command execution
(CVE-2006-5925).
-- Julien Cristau <julien.cristau at ens-lyon.org> Sun, 3 Dec 2006 19:44:18 +0100
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20061207/5f0226e1/attachment.pgp
More information about the Technik
mailing list