[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 125-1] mime-support security update

Package        : mime-support
Version        : 3.48-1+deb6u1
CVE ID         : CVE-2014-7209

Timothy D. Morgan discovered that run-mailcap, an utility to execute
programs via entries in the mailcap file, is prone to shell command
injection via shell meta-characters in filenames. In specific scenarios
this flaw could allow an attacker to remotely execute arbitrary code.

For the oldstable distribution (squeeze), this problem has been fixed in
version 3.48-1+deb6u1.

We recommend that you upgrade your mime-support packages.

Charles Plessy
mime-support maintainer
Tsurumi, Kanagawa, Japan

Attachment: signature.asc
Description: Digital signature

Reply to: