Univention Bugzilla – Bug 37429
mime-support: Shell command injection (4.0)
Last modified: 2018-10-08 14:20:51 CEST
+++ This bug was initially created as a clone of Bug #37428 +++ run-mailcap from mime-support performs insufficient sanitising which allows the execution of arbitrary shell commands when processing a malicious filename. The base UCS desktop is not exposed to this vulnerability, so low impact.
This is CVE-2014-7209
This was fixed during the import of the Wheezy 7.8 point update in Bug 37511
UCS 4.0-1 has been released: http://docs.univention.de/release-notes-4.0-1-en.html http://docs.univention.de/release-notes-4.0-1-de.html If this error occurs again, please use "Clone This Bug".