Advisories » MGASA-2018-0412

Updated lilypond packages fix security vulnerability

Publication date: 26 Oct 2018
Modification date: 26 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-17523

Description

lilypond does not validate strings before launching the program specified
by the BROWSER environment variable, which allows remote attackers to
conduct argument-injection attacks (CVE-2017-17523).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23146
• https://lists.opensuse.org/opensuse-updates/2018-05/msg00082.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17523

SRPMS

6/core

• lilypond-2.19.82-1.mga6