GLOBAL-6.6.1 released. [CVE-2017-17531]


From: Shigio YAMAGUCHI
Subject: GLOBAL-6.6.1 released. [CVE-2017-17531]
Date: Sat, 16 Dec 2017 14:38:43 +0900

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


GLOBAL-6.6.1 released. [CVE-2017-17531]

Hello hackers,

GLOBAL-6.6.1 is a bug fix release.

GLOBAL is a source code tagging system that works the same way across
diverse environments, for example, emacs, vi, less, bash, web browser,
etc. It is useful for hacking a large project.

[FIXED BUG]
o gozilla: A critical vulnerability (CVE-2017-17531) was found in an unknown
  function of gozilla(1). It allows remote attackers to execute arbitrary
  code via a crafted URL. Now it is fixed.

- What is the unknown function?
Gozilla accepts a URL as an argument, and invokes a web browser with the URL.
Though it is undocumented, it is implied in the online manual as follows:

> BUGS
>         Gozilla can accept not only source files but also text files,
>         directories, HTML files and even URLs, because it is omnivorous.

Impact:
    All gozilla(1) before GLOBAL-6.6.1 have the vulnerability.
    It allows remote attackers to execute arbitrary code via a crafted URL.
Workaround:
    Don't use the unknown function.
Solution:
    Install GLOBAL-6.6.1. The vulnerability was eliminated in this version.

You can download it from http://www.gnu.org/software/global/download.html

Shigio YAMAGUCHI <address@hidden>

--
Shigio YAMAGUCHI <address@hidden>
PGP fingerprint: 
26F6 31B4 3D62 4A92 7E6F  1C33 969C 3BE3 89DD A6EB
