Security 10745 Published by

A mime-support update for Debian GNU/Linux has been released



Colin Phipps discovered several problems in mime-support, that contains support programs for the MIME control files 'mime.types' and 'mailcap'. When a temporary file is to be used it is created insecurely, allowing an attacker to overwrite arbitrary under the user id of the person executing run-mailcap, most probably root. Additionally the program did not properly escape shell escape characters when executing a command. This is unlikely to be exploitable, though.
Read more