Advisories » MGASA-2015-0058

Updated xdg-utils packages fix CVE-2014-9622

Publication date: 11 Feb 2015
Modification date: 11 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9622

Description

Updated xdg-utils package fixes security vulnerability:

John Houwer discovered a way to cause xdg-open, a tool that automatically opens
URLs in a user's preferred application, to execute arbitrary commands remotely
(CVE-2014-9622).

The xdg-utils has been updated to a much more recent snapshot, and has been
patched to fix this issue.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14932
• https://www.debian.org/security/2015/dsa-3131
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9622

SRPMS

4/core

• xdg-utils-1.1.0-0.0.rc3.3.1.mga4