Univention Bugzilla – Bug 37428
mime-support: Shell command injection (3.2)
Last modified: 2019-04-11 19:23:51 CEST
run-mailcap from mime-support performs insufficient sanitising which allows the execution of arbitrary shell commands when processing a malicious filename. The base UCS desktop is not exposed to this vulnerability, so low impact.
This issue has been filled against UCS 3.2. The maintenance with bug and security fixes for UCS 3.2 has ended on 30st of November 2016. Customers still on UCS 3.2 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.