• [SECURITY] [DSA 5296-1] xfce4-settings security update

    From Yves-Alexis Perez@21:1/5 to All on Tue Dec 6 19:20:01 2022
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5296-1 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez December 06, 2022 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : xfce4-settings
    CVE ID : CVE-2022-45062
    Debian Bug : 1023732

    Robin Peraglie and Johannes Moritz discovered an argument injection bug in the xfce4-mime-helper component of xfce4-settings, which can be exploited using the xdg-open common tool. Since xdg-open is used by multiple standard applications for opening links, this bug could be exploited by an attacker to run arbitrary code on an user machine by providing a malicious PDF file with specifically crafted links.

    For the stable distribution (bullseye), this problem has been fixed in
    version 4.16.0-1+deb11u1.

    We recommend that you upgrade your xfce4-settings packages.

    For the detailed security status of xfce4-settings please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/xfce4-settings

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmOPhf4ACgkQ3rYcyPpX RFsZiAgAqFeZ2xtfSmn0bkelbFZ5GzxBUDcCpRPQhSvK/Gku8ZsvBcMhINhMAU7Y 5XrLnOhi40VDOEAtQ53f1rkufR8oo454tgRabsNIyrwSFsI48t7+wUT9wTowlG9L JKbbyiMMaLzZ5juglCFm1ZJGV6tMNYRzTyEFuMY/v//rsYkxeChdivWb5v/uPVhn Jh2TZwi8uS8z3T0UkrJPnj4pStOJ1pD+ij2x8HSOvmPTZ+MCeKIudxHMxZntpa1Q i5YglEL75nkMosOo2qFvkXd8E+598W6ueZZXqEBzBqbYzx+6XvrDuhz0nQhzMcLl p17dIeUVVKBdnoZyd+YcK52GY8aiOA==
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)