mime-support Update for Debian
Posted on: 04/23/2003 03:57 PM

A mime-support update for Debian GNU/Linux has been released

Colin Phipps discovered several problems in mime-support, that contains support programs for the MIME control files 'mime.types' and 'mailcap'. When a temporary file is to be used it is created insecurely, allowing an attacker to overwrite arbitrary under the user id of the person executing run-mailcap, most probably root. Additionally the program did not properly escape shell escape characters when executing a command. This is unlikely to be exploitable, though.

Read more

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/mime_support_update_for_debian.html)