安全公告详情

NS-SA-2025-1001

2025-03-28 00:00:00

简介

important: appstream-data security update

严重级别

important

主题

An update for appstream-data is now available for NewStartOS V4.5.2
NewStart Security has rated this update as having a security impact of critical.

详细描述

The '/var/share/appstream data/update appstream data. sh' file of NewStartOS will automatically trigger execution when the user clicks on the software center. NewStartOS defaults to a script that is readable and writable by all users. After the attacker modifies the content of this script to malicious code, if the administrator clicks on the Software Center, the update-appstream-data.sh script will be automatically triggered with administrator privileges, running the malicious code implanted by the attacker with administrator privileges.

影响组件

  • appstream-data

影响产品

  • NewStartOS V4.5.2

更新包

{"fix":[{"product":"NewStartOS V4.5.2","pkgs":[{"binary":["appstream-data-8-20250318.zncgsl6.noarch.rpm"],"source":"appstream-data-8-20250318.zncgsl6.noarch.src.rpm"}]}]}
NewStartOS V4.5.2
  • appstream-data-8-20250318.zncgsl6.noarch.src.rpm
    • appstream-data-8-20250318.zncgsl6.noarch.rpm

CVE

参考

© 2004-2023 广东中兴新支点技术有限公司 版权所有 (www.gd-linux.com) 粤ICP备15061780号-2

全国服务热线:400-033-0108