Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 11 May 2021 07:37:47 +0200
From: Gabriel Corona <gabriel.corona@...t-bretagne.fr>
To: oss-security@...ts.openwall.com
Subject: Re: Code execution through Thunar

Le 09/05/2021 à 21:38, Gabriel Corona a écrit :
> When called with a regular file as command line argument, Thunar
> would delegate to some other program without user confirmation
> based on the file type. This could be exploited to trigger code
> execution in a chain of vulnerabilities.
> 
> This is fixed in 4.16.7 and 4.17.2. When called with a regular
> file, Thunar now opens the containing directory and selects the
> file.
> 
> A CVE ID has been requested.

This is CVE-2021-32563.

Gabriel

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.