GLSA-201701-09 : Xdg-Utils: Command injection
Medium Nessus Plugin ID 96240
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201701-09 (Xdg-Utils: Command injection)
An eval injection vulnerability was discovered in Xdg-Utils.
A context-dependent attacker could execute arbitrary code via the URL argument to xdg-open.
There is no known workaround at this time.
SolutionAll Xdg-Utils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=x11-misc/xdg-utils-1.1.1'