Advisories ยป MGASA-2015-0058

Updated xdg-utils packages fix CVE-2014-9622

Publication date: 11 Feb 2015
Modification date: 11 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9622

Description

Updated xdg-utils package fixes security vulnerability:

John Houwer discovered a way to cause xdg-open, a tool that automatically opens
URLs in a user's preferred application, to execute arbitrary commands remotely
(CVE-2014-9622).

The xdg-utils has been updated to a much more recent snapshot, and has been
patched to fix this issue.
                

References

SRPMS

4/core