Vulnerability: Debian privilege escalation

A multilingual file viewer, lv, will read options from a configuration file in the current directory. As such, a file could be placed there by a malicious user, and lv configuration options could be used to execute commands. An attacker could then gain the privileges of the user invoking lv, including root.

For the stable distribution (woody) this problem has been fixed in version 4.49.4-7woody2.

For the old stable distribution (potato) this problem has been fixed in version 4.49.3-4potato2.

For the unstable distribution (sid) this problem is fixed in version 4.49.5-2.

Users are advised to update their lv packages.

For details, see http://www.debian.org/security/2003/dsa-304.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Debian

Show Comments