Test ID:	1.3.6.1.4.1.25623.1.1.10.2018.0289
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2018-0289)
Summary:	The remote host is missing an update for the 'xdg-utils' package(s) announced via the MGASA-2018-0289 advisory.
Description:	Summary: The remote host is missing an update for the 'xdg-utils' package(s) announced via the MGASA-2018-0289 advisory. Vulnerability Insight: Updated xdg-utils package fixes security vulnerability: The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable (CVE-2017-18266). Affected Software/OS: 'xdg-utils' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-18266 Debian Security Information: DSA-4211 (Google Search) https://www.debian.org/security/2018/dsa-4211 https://bugs.freedesktop.org/show_bug.cgi?id=103807 https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=5647afb35e4bcba2060148e1a2a47bc43cc240f2 https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb https://cgit.freedesktop.org/xdg/xdg-utils/tree/ChangeLog https://lists.debian.org/debian-lts-announce/2018/05/msg00014.html https://usn.ubuntu.com/3650-1/
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.