Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 292-2 (mime-support)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to mime-support announced via advisory DSA 292-2.
Insight
Insight
Unfortunately yesterday's update for mime-support did not exactly work as expected, which requires an update. For completeness we include the advisory text: Colin Phipps discovered several problems in mime-support, that contains support programs for the MIME control files 'mime.types' and 'mailcap'. When a temporary file is to be used it is created insecurely, allowing an attacker to overwrite arbitrary under the user id of the person executing run-mailcap, most probably root. Additionally the program did not properly escape shell escape characters when executing a command. This is unlikely to be exploitable, though. For the stable distribution (woody) these problems have been fixed in version 3.18-1.2. For the old stable distribution (potato) these problems have been fixed in version 3.9-1.2. For the unstable distribution (sid) these problems have been fixed in version 3.22-1 (same as DSA 292-1). We recommend that you upgrade your mime-support packages.
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20292-2