Debian Long Term Support / LTS Security Information / 2017 / Security Information -- DLA-1063-1 extplorer

Debian Security Advisory

DLA-1063-1 extplorer -- LTS security update

Date Reported:

21 Aug 2017

Affected Packages:

extplorer

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-12756.

More information:

• CVE-2017-12756

  Fix command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter.

For Debian 7 Wheezy, these problems have been fixed in version 2.1.0b6+dfsg.3-4+deb7u5.

We recommend that you upgrade your extplorer packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS