[Bug 1093056] New: VUL-0: CVE-2018-10992: lilypond: Does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks
http://bugzilla.opensuse.org/show_bug.cgi?id=1093056 Bug ID: 1093056 Summary: VUL-0: CVE-2018-10992: lilypond: Does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/205725/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: davejplater@gmail.com Reporter: jsegitz@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2018-10992 lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523. We don't have the fix for CVE-2017-17523 yes, so we're technically not affected. Please take this as information on how to fix CVE-2017-17523 properly. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10992 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898373 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1093056
http://bugzilla.opensuse.org/show_bug.cgi?id=1093056#c1
Dave Plater
http://bugzilla.opensuse.org/show_bug.cgi?id=1093056
http://bugzilla.opensuse.org/show_bug.cgi?id=1093056#c8
Andreas Stieger
participants (1)
-
bugzilla_noreply@novell.com