You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa mime-support

Sigurnosni nedostatak programskog paketa mime-support

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2453-1
January 07, 2015

mime-support vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

run-mailcap could be made to run programs as your login if it opened a
specially crafted file.

Software Description:
– mime-support: MIME support programs

Details:

Timothy D. Morgan discovered that the run-mailcap tool incorrectly filtered
certain shell metacharacters in filenames. If a user or automated system
were tricked into opening a file with a specially-crafted filename, a
remote attacker could possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
mime-support 3.55ubuntu1.1

Ubuntu 14.04 LTS:
mime-support 3.54ubuntu1.1

Ubuntu 12.04 LTS:
mime-support 3.51-1ubuntu1.1

Ubuntu 10.04 LTS:
mime-support 3.48-1ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2453-1
CVE-2014-7209

Package Information:
https://launchpad.net/ubuntu/+source/mime-support/3.55ubuntu1.1
https://launchpad.net/ubuntu/+source/mime-support/3.54ubuntu1.1
https://launchpad.net/ubuntu/+source/mime-support/3.51-1ubuntu1.1
https://launchpad.net/ubuntu/+source/mime-support/3.48-1ubuntu1.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUrXgdAAoJEGVp2FWnRL6T198P/1bIj5ZnMDKaY/KG3+VO0fci
MrvDUQsnhs7ig6aNQV0NXmLzBg4jeNdccxD65Sm8hhobfhdjmYTkj1ZWrY49zL6N
Xgyh5olSbxFl1Tsm5GFWklnHZUKZV3AqKZbYgn0ODmQdesftIRyZUpsOmSx169j6
vta27F9ux4IeR4SFGjgGa1tBATEVflfpW35ErdAGpv8NuZc465YPmkQPYcw9QAjJ
HhqHGrX5R30b6t+XJXw14k9zWPBcYBwS74q1CPZeHz+Arem6Isi9aF4E4bfsPRiO
GWIfrLDmkR79vMu5XTcewLwomV9qL3EyvZ9j/rYM5xxUkaMdZXGSEjv6bAnAAz0a
g6HBVzTF+SRQluP5Vkc20SclahqELjzv6gJTdwVMJFPoXyto/oLt06qG8D0nwz+p
8iQH2+sgNsuQKPxwSf4v4DK6bPo1lBrzndIOIT8G7MAs7K/gOxyjVz8e7wOFAtTy
++8qbxcjlviFbBx89rKTUWGJ3iq/2Ro52Mm0a4lz8pJlMOcUROK/57H+Q+hATUj3
URU9r+6m6gTEdza9uprir3I6mvOgaQQj1WHWXWmP/hbTZgcI7BP2lRjuWDyNVo2l
cu6HQWhpSx9n+/qdEbggxDqXdeYJnDfVynA+5Qw1+2NYZsOpyQqaMnuBKuVraSyL
IbQbINFSPzhWUWEfMSvm
=oIvQ
—–END PGP SIGNATURE—–

AutorMarijo Plepelic
Cert idNCERT-REF-2015-01-0003-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa exiv2

Otkriven je sigurnosni nedostatak u programskom paketu exiv2 za Ubuntu 14.10. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje napada uskraćivanjem usluge....

Close