Lucene search

DebianDEBIAN:DSA-5164-1:7F245

HistoryJun 19, 2022 - 2:13 p.m.

[SECURITY] [DSA 5164-1] exo security update

2022-06-1914:13:28

lists.debian.org

debian

cve-2022-32278

security update

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.004

Percentile

74.2%

JSON

Debian Security Advisory DSA-5164-1 [email protected]
https://www.debian.org/security/ Yves-Alexis Perez
June 18, 2022 https://www.debian.org/security/faq

Package : exo
CVE ID : CVE-2022-32278
Debian Bug : 1013129

It was discovered that exo, a support library for the Xfce desktop environment,
would allow executing remote .desktop files. In some scenario, an attacker
could use this vulnerability to trick an user an execute arbitrary code on the
platform with the privileges of that user.

For the oldstable distribution (buster), this problem has been fixed
in version 0.12.4-1+deb10u1.

For the stable distribution (bullseye), this problem has been fixed in
version 4.16.0-1+deb11u1.

We recommend that you upgrade your exo packages.

For the detailed security status of exo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/exo

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11i386libexo-2-0< 4.16.0-1+deb11u1libexo-2-0_4.16.0-1+deb11u1_i386.deb
Debian10alllibexo-helpers< 0.12.4-1+deb10u1libexo-helpers_0.12.4-1+deb10u1_all.deb
Debian10amd64libexo-2-0< 0.12.4-1+deb10u1libexo-2-0_0.12.4-1+deb10u1_amd64.deb
Debian10i386libexo-2-dev< 0.12.4-1+deb10u1libexo-2-dev_0.12.4-1+deb10u1_i386.deb
Debian10armhflibexo-1-dev< 0.12.4-1+deb10u1libexo-1-dev_0.12.4-1+deb10u1_armhf.deb
Debian11mipsellibexo-2-0< 4.16.0-1+deb11u1libexo-2-0_4.16.0-1+deb11u1_mipsel.deb
Debian10arm64libexo-2-0< 0.12.4-1+deb10u1libexo-2-0_0.12.4-1+deb10u1_arm64.deb
Debian11i386exo-utils-dbgsym< 4.16.0-1+deb11u1exo-utils-dbgsym_4.16.0-1+deb11u1_i386.deb
Debian10arm64exo-utils-dbgsym< 0.12.4-1+deb10u1exo-utils-dbgsym_0.12.4-1+deb10u1_arm64.deb
Debian11mips64ellibexo-2-0-dbgsym< 4.16.0-1+deb11u1libexo-2-0-dbgsym_4.16.0-1+deb11u1_mips64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	i386	libexo-2-0	< 4.16.0-1+deb11u1	libexo-2-0_4.16.0-1+deb11u1_i386.deb
Debian	10	all	libexo-helpers	< 0.12.4-1+deb10u1	libexo-helpers_0.12.4-1+deb10u1_all.deb
Debian	10	amd64	libexo-2-0	< 0.12.4-1+deb10u1	libexo-2-0_0.12.4-1+deb10u1_amd64.deb
Debian	10	i386	libexo-2-dev	< 0.12.4-1+deb10u1	libexo-2-dev_0.12.4-1+deb10u1_i386.deb
Debian	10	armhf	libexo-1-dev	< 0.12.4-1+deb10u1	libexo-1-dev_0.12.4-1+deb10u1_armhf.deb
Debian	11	mipsel	libexo-2-0	< 4.16.0-1+deb11u1	libexo-2-0_4.16.0-1+deb11u1_mipsel.deb
Debian	10	arm64	libexo-2-0	< 0.12.4-1+deb10u1	libexo-2-0_0.12.4-1+deb10u1_arm64.deb
Debian	11	i386	exo-utils-dbgsym	< 4.16.0-1+deb11u1	exo-utils-dbgsym_4.16.0-1+deb11u1_i386.deb
Debian	10	arm64	exo-utils-dbgsym	< 0.12.4-1+deb10u1	exo-utils-dbgsym_0.12.4-1+deb10u1_arm64.deb
Debian	11	mips64el	libexo-2-0-dbgsym	< 4.16.0-1+deb11u1	libexo-2-0-dbgsym_4.16.0-1+deb11u1_mips64el.deb