Debian-LTS alert DLA-745-1 (most)
| From: | Markus Koschany <apo@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 745-1] most security update | |
| Date: | Fri, 16 Dec 2016 16:07:57 +0100 | |
| Message-ID: | <f4260eae-757c-1a1b-6665-1a633d997f0d@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : most Version : 5.0.0a-2.2 CVE ID : CVE-2016-1253 Debian Bug : 848132 The most pager can automatically open files compressed with gzip, bzip2 and (in Debian) LZMA. Alberto Garcia discovered that Debian's version of most was susceptible for a shell injection attack that could be exploited to run arbitrary commands on the user's computer. For Debian 7 "Wheezy", these problems have been fixed in version 5.0.0a-2.2. We recommend that you upgrade your most packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlhUA0xfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSP2A//VIpE1E0DFXjq15ewQi1I51wAoJXCiB8PPI3fCq6ndmQGXmyCAuqqi9VX B9pXjrVpvx8guC7Gv+AX4XAVAK/BO3fffLS8iivXem7hArIX+o1ltbfnHrTZ3ydo XJn53XMuX2bGE5tuQJQU9e/BZFNb+xJ+JDKNSlrzIl9bq8CNdJuqpYJcUr4lqWM7 9EcqoVqsBl+T6NU/p1SjO7cERDHZxOXP/EMurT+kB+UvVnYL70uHTvfYms0JLD6F NTR55270/fI8btU8UIYbD/W+AuKDKkrWCj30GG2gd/Q4n8sCehv10lNa0L6BUpM7 UGYKf0xeM+u/OWKGc9HqVxewA3jVSPbnfWqA0CPSuEr/dhVoSOOaNKnvZVJ8rMaJ UomuZ5C7dZS2J62gvRiYQbTZMRjJXTpiAfytwAD7bhuWBJ7BZLZ4qUwnQxFtcGDr IoQVpf6ZDmKwQaWmXBxnwysBhynUGgIBj7MZF5ES0p+KxCIeBm/EMrtEF/Bf6sxb XGvwOWlYAjBXVnmEiY/9etKddWdECEHKOncNHrfBjnsee0iVgi34J+6K9mJufkvS qnGvgh+QMuqtYfJr3HvzSPjUONiwkmwspgm7auY7P6aSc2OvQ9uG9p1JRkZ/iMoh iRd/fk715NC0CmU8kzkwHcFXqqMa90zmRhrtWUJ0/qpzqfHGKVQ= =4N2v -----END PGP SIGNATURE-----