CVE-2017-17511 in Ubuntu

CVE-2017-17511

Priority

Description

KildClient 3.1.0 does not validate strings before launching the program
specified by the BROWSER environment variable, which might allow remote
attackers to conduct argument-injection attacks via a crafted URL, related
to prefs.c and worldgui.c.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17511
https://sources.debian.org/src/kildclient/3.1.0-1/src/worldgui.c/?hl=1159#L1159
https://sources.debian.org/src/kildclient/3.1.0-1/src/prefs.c/?hl=324#L324
https://security-tracker.debian.org/tracker/CVE-2017-17511

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885007

Notes

Package

Source: kildclient (LP Ubuntu Debian)

Upstream:	released (3.2.0-1)
Ubuntu 18.04 LTS:	not-affected (3.2.0-2)
Ubuntu 20.04 LTS:	not-affected (3.2.0-2)
Ubuntu 21.10:	not-affected (3.2.0-2)
Ubuntu 22.04 LTS:	not-affected (3.2.0-2)
Ubuntu 14.04 ESM:	DNE (trusty was released [2.11.1-1+deb7u2build0.14.04.1])

Patches:

More Information

Updated: 2022-04-25 00:19:57 UTC (commit ecc1009cb19540b950de59270950018900f37f15)