[Secure-testing-team] Bug#866677: rkhunter: CVE-2017-7480: File download via http might lead to RCE
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 30 19:22:15 UTC 2017
Source: rkhunter
Version: 1.4.2-0.4
Severity: grave
Tags: upstream security
Hi,
the following vulnerability was published for rkhunter (somehow
releated will be at least #765895)
CVE-2017-7480[0]:
File download via http might lead to RCE
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-7480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7480
[1] http://www.openwall.com/lists/oss-security/2017/06/29/2
[2] http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/CHANGELOG
[3] http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550
Regards,
Salvatore
More information about the Secure-testing-team
mailing list