oval:org.mitre.oval:def:12962

Definition Id: oval:org.mitre.oval:def:12962
 
Oval ID: oval:org.mitre.oval:def:12962
Title: DSA-2047-1 aria2 -- insufficient input sanitising
Description: A vulnerability was discovered in aria2, a download client. The "name" attribute of the "file" element of metalink files is not properly sanitised before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory. For the stable distribution, this problem has been fixed in version 0.14.0-1+lenny2. For the unstable distribution, this problem has been fixed in version 1.9.3-1. We recommend that you upgrade your aria2 package.
Family: unix Class: patch
Reference(s): DSA-2047-1
CVE-2010-1512
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): aria2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6513
 
Oval ID: oval:org.mitre.oval:def:6513
Title: Debian GNU/Linux 5.0 is installed
Description: Debian GNU/Linux 5.0 (lenny) is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux:5.0
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:12962