Oval Definition:oval:org.opensuse.security:def:201716667
Revision Date:2019-09-27Version:1
Title:CVE-2017-16667
Description:

backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-16667
Platform(s):openSUSE Leap 42.2
openSUSE Leap 42.3
Product(s):
Definition Synopsis
  • openSUSE Leap 42.2 is installed
  • AND Package Information
  • backintime-1.1.20-3.6.1 is installed
  • AND backintime is signed with openSUSE key
  • OR
  • backintime-lang-1.1.20-3.6.1 is installed
  • AND backintime-lang is signed with openSUSE key
  • OR
  • backintime-qt4-1.1.20-3.6.1 is installed
  • AND backintime-qt4 is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • backintime-1.1.20-6 is installed
  • AND backintime is signed with openSUSE key
  • OR
  • backintime-lang-1.1.20-6 is installed
  • AND backintime-lang is signed with openSUSE key
  • OR
  • backintime-qt4-1.1.20-6 is installed
  • AND backintime-qt4 is signed with openSUSE key
    • BACK