Descriptionxloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
- SUSE-SR:2005:012, published Fri, 29 Apr 2005 14:00:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|SuSE Linux 8.2 for IA32 |
SuSE Linux 9.0 for AMD64
SuSE Linux 9.0 for IA32
|SUSE LINUX 9.1 for IA32|| |
|SUSE LINUX 9.2|| |
|SUSE LINUX 9.3|| |