Oval Definition:oval:org.opensuse.security:def:201810992
Revision Date:2022-06-30Version:1
Title:CVE-2018-10992
Description:

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-10992
Mitre CVE-2018-10992
SUSE CVE-2018-10992
openSUSE-SU-2018:1360-1
Platform(s):openSUSE Leap 42.3
openSUSE Tumbleweed
Product(s):
Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • lilypond-2.18.2-7.3 is installed
  • AND lilypond is signed with openSUSE key
  • OR
  • lilypond-century-schoolbook-l-fonts-2.18.2-7.3 is installed
  • AND lilypond-century-schoolbook-l-fonts is signed with openSUSE key
  • OR
  • lilypond-doc-2.18.2-7.3 is installed
  • AND lilypond-doc is signed with openSUSE key
  • OR
  • lilypond-doc-cs-2.18.2-7.3 is installed
  • AND lilypond-doc-cs is signed with openSUSE key
  • OR
  • lilypond-doc-de-2.18.2-7.3 is installed
  • AND lilypond-doc-de is signed with openSUSE key
  • OR
  • lilypond-doc-es-2.18.2-7.3 is installed
  • AND lilypond-doc-es is signed with openSUSE key
  • OR
  • lilypond-doc-fr-2.18.2-7.3 is installed
  • AND lilypond-doc-fr is signed with openSUSE key
  • OR
  • lilypond-doc-hu-2.18.2-7.3 is installed
  • AND lilypond-doc-hu is signed with openSUSE key
  • OR
  • lilypond-doc-it-2.18.2-7.3 is installed
  • AND lilypond-doc-it is signed with openSUSE key
  • OR
  • lilypond-doc-ja-2.18.2-7.3 is installed
  • AND lilypond-doc-ja is signed with openSUSE key
  • OR
  • lilypond-doc-nl-2.18.2-7.3 is installed
  • AND lilypond-doc-nl is signed with openSUSE key
  • OR
  • lilypond-doc-zh-2.18.2-7.3 is installed
  • AND lilypond-doc-zh is signed with openSUSE key
  • OR
  • lilypond-emmentaler-fonts-2.18.2-7.3 is installed
  • AND lilypond-emmentaler-fonts is signed with openSUSE key
  • OR
  • lilypond-fonts-common-2.18.2-7.3 is installed
  • AND lilypond-fonts-common is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • lilypond-2.23.3-1.3 is installed
  • OR lilypond-emmentaler-fonts-2.23.3-1.3 is installed
  • OR lilypond-fonts-common-2.23.3-1.3 is installed
  • OR lilypond-texgy-fonts-2.23.3-1.3 is installed
    • BACK