Download
| Alert*
|
oval:org.secpod.oval:def:89043849
This update for nautilus fixes the following security issue: - CVE-2017-14604: Fixed a file type spoofing attack by adding a metadata::trusted attribute to a file once the user acknowledges the file as trusted, and also remove the trusted content in the desktop file . oval:org.secpod.oval:def:89002508 This update for nautilus fixes the following issues: Security issue fixed: - CVE-2017-14604: Add a metadata::trusted metadata to the file once the user acknowledges the file as trusted, and also remove the quot;trustedquot; content in the desktop file . oval:org.secpod.oval:def:204746 Nautilus is the file manager and graphical shell for the GNOME desktop. Security Fix: * An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An attacker could use this flaw to trick a user in ... oval:org.secpod.oval:def:603125 Security researcher discovered a vulnerability in the handling of FreeDesktop.org .desktop files in Nautilus, a file manager for the GNOME desktop environment. An attacker can craft a .desktop file intended to run malicious commands but displayed as a innocuous document file in Nautilus. An user wou ... oval:org.secpod.oval:def:53151 Security researcher discovered a vulnerability in the handling of FreeDesktop.org .desktop files in Nautilus, a file manager for the GNOME desktop environment. An attacker can craft a .desktop file intended to run malicious commands but displayed as a innocuous document file in Nautilus. An user wou ... oval:org.secpod.oval:def:1900258 GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a.desktop file"s Name field ends in .pdf but this file"s Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication ... oval:org.secpod.oval:def:1700006 Insufficient validation of trust of .desktop files with execute permissionAn untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An attacker could use this flaw to trick a user into opening a . ... oval:org.secpod.oval:def:1502122 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502228 Nautilus is the file manager and graphical shell for the GNOME desktop. Security Fix: * An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An attacker could use this flaw to trick a user in ... |
