[Secure-testing-team] Bug#866677: rkhunter: CVE-2017-7480: File download via http might lead to RCE

Salvatore Bonaccorso carnil at debian.org
Fri Jun 30 19:22:15 UTC 2017


Source: rkhunter
Version: 1.4.2-0.4
Severity: grave
Tags: upstream security

Hi,

the following vulnerability was published for rkhunter (somehow
releated will be at least #765895)

CVE-2017-7480[0]:
File download via http might lead to RCE

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7480
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7480
[1] http://www.openwall.com/lists/oss-security/2017/06/29/2
[2] http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/CHANGELOG
[3] http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550

Regards,
Salvatore



More information about the Secure-testing-team mailing list