Debian Security Advisory 4146-1

Debian Security Advisory 4146-1: Posted Mar 22, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4146-1 - Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.; tags | advisory, arbitrary, shell; systems | linux, debian; advisories | CVE-2017-1000487; SHA-256 | b72926f8207adf31d74502fe82f90c30cfcde6566e0af737b43a77cbb4d3ca3f; Download | Favorite | View

Debian Security Advisory 4146-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4146-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 20, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : plexus-utils
CVE ID         : CVE-2017-1000487

Charles Duffy discovered that the Commandline class in the utilities for
the Plexus framework performs insufficient quoting of double-encoded
strings, which could result in the execution of arbitrary shell commands.

For the oldstable distribution (jessie), this problem has been fixed
in version 1:1.5.15-4+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 1:1.5.15-4+deb9u1.

We recommend that you upgrade your plexus-utils packages.

For the detailed security status of plexus-utils please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/plexus-utils

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlqxbXMACgkQEMKTtsN8
TjY3OA//YUw9LS3G8+kKgvVsXXkkUn2a+Ilw8ZHj5ZA6yhmxGX09jqA5K0ofrb6F
WbzZmLe86AuI8KbLct83VMZ3IRhUKqwNoBlEQ+D7hiRDOvc8ZyCZLyZpBz1ItVJw
2UFbmwgIhKrq1wSx9JftNSRU+DJcuvl5gaTLLsbeOpkBXSb38ZdCg9yMi1usDQlQ
rSAXCxcTsmhe6n4AqKIO/nqPIf+Gj8lcApW51j3qU1cmOneqG/J+h4T8CHvQ4TlQ
00wJ7obrHRERz08VoB8OBKLAPd/Q3G/hFs4RYNbmIKw07F/qz6tkKENIWzQLfiGz
VCOzs8kWf87urz/SsEu+ByKzc34QIStZ32DBVhM37bIYxmZxukNDU4f6AkU3gceV
lVnocAwIBnZNRtkFqi7YAQb/oITGAHbJw7aaqVysEf6+68aYOoK1OZQXzJaUkMKK
FNf7dpEKBsN3pdkgE4Hv3bzBTsTs4gXCemlKOQ1O5Ao/OBwxtX5YlyK+RGldACoj
x+CfF0QpQq1xsrEgo0xLQClcu9br+osLyzi8ZgvQdynMzMdtYUABbRZVE7natLSU
vGP3u5ZfYDIXEf59dqoi+BIXAlMCz4fAMGOFTmEeFxfTdYfyTtf6+9EKxXCG5wpW
2vk9QYnbXqcBufZMbHGKr5dsZNGEtcDqZg9GEb4iE9RsE7ZV29s=
=RUIF
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 305 files
Ubuntu 67 files
Debian 23 files
Gentoo 8 files
LiquidWorm 6 files
Apple 5 files
Google Security Research 5 files
Spencer McIntyre 3 files
Ivan Fratric 3 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

Debian Security Advisory 4146-1

Debian Security Advisory 4146-1

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4146-1

Share This

Debian Security Advisory 4146-1

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems