Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5296-1] xfce4-settings security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5296-1] xfce4-settings security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Yves-Alexis Perez <corsac AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5296-1] xfce4-settings security update
  • Date: Tue, 06 Dec 2022 19:15:49 +0100
  • Authentication-results: mail.piratenpartei.de; dkim=none; dmarc=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"
  • List-archive: https://lists.debian.org/msgid-search/638f86d5.a00d4.612cf746 AT scapa.corsac.net
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <corsac AT corsac.net>
  • Priority: urgent
  • Resent-date: Tue, 6 Dec 2022 18:17:02 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <VTYWDpptRqH.A.onE.ec4jjB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5296-1 security AT debian.org
https://www.debian.org/security/ Yves-Alexis Perez
December 06, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xfce4-settings
CVE ID : CVE-2022-45062
Debian Bug : 1023732

Robin Peraglie and Johannes Moritz discovered an argument injection bug in the
xfce4-mime-helper component of xfce4-settings, which can be exploited using
the
xdg-open common tool. Since xdg-open is used by multiple standard applications
for opening links, this bug could be exploited by an attacker to run arbitrary
code on an user machine by providing a malicious PDF file with specifically
crafted links.

For the stable distribution (bullseye), this problem has been fixed in
version 4.16.0-1+deb11u1.

We recommend that you upgrade your xfce4-settings packages.

For the detailed security status of xfce4-settings please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xfce4-settings

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmOPhf4ACgkQ3rYcyPpX
RFsZiAgAqFeZ2xtfSmn0bkelbFZ5GzxBUDcCpRPQhSvK/Gku8ZsvBcMhINhMAU7Y
5XrLnOhi40VDOEAtQ53f1rkufR8oo454tgRabsNIyrwSFsI48t7+wUT9wTowlG9L
JKbbyiMMaLzZ5juglCFm1ZJGV6tMNYRzTyEFuMY/v//rsYkxeChdivWb5v/uPVhn
Jh2TZwi8uS8z3T0UkrJPnj4pStOJ1pD+ij2x8HSOvmPTZ+MCeKIudxHMxZntpa1Q
i5YglEL75nkMosOo2qFvkXd8E+598W6ueZZXqEBzBqbYzx+6XvrDuhz0nQhzMcLl
p17dIeUVVKBdnoZyd+YcK52GY8aiOA==
=pnJR
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5296-1] xfce4-settings security update, Yves-Alexis Perez, 06.12.2022

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang