[2/5] Xdg-utils Command Injection Vulnerabilities
Some vulnerabilities have been reported in Xdg-utils, which can be exploited by malicious people to compromise a user’s system.

The vulnerabilities are caused by the "xdg-open" and "xdg-email" scripts not correctly sanitising parameters before using them in a sed call. This can be exploited to inject and execute shell commands if e.g. a malicious URL is passed to the affected scripts.

Successful exploitation requires that the scripts are not used in a KDE, Gnome, or XFCE session.

The vulnerabilities are reported in version 1.0.2. Other versions may also be affected.

Solution:
Fixed in the CVS repository:
http://webcvs.freedesktop.org/portlan…scripts/xdg-email?r1=1.36&r2=1.37
http://webcvs.freedesktop.org/portlan…/scripts/xdg-open?r1=1.32&r2=1.33

Provided and/or discovered by:
Reported in a Red Hat bug by Miroslav Lichvar.

Original Advisory:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-0386
Original post by sonia
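The advisory's root cause is an untrusted parameter being spliced into a sed expression that the shell later re-parses. As an added illustration (not xdg-utils code, and not the upstream fix), this POSIX sh function shows the defensive alternative: the browser command template is assumed to be trusted configuration, while the URL is inserted as one argv word and never passes through sed, eval or a rebuilt command string. The `show_argv` stand-in for a browser and the sample URL are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from xdg-utils. The "%s" placeholder in a trusted
# command template is replaced by an untrusted URL, which is appended to the
# argument list as a single word. Because the URL is never run through sed,
# eval or a re-parsed command string, shell metacharacters in it stay data.

run_template() {
    template=$1   # trusted: whitespace-separated command, "%s" marks the URL slot
    url=$2        # untrusted

    # Refuse empty input and anything that a browser would parse as an option.
    case $url in
        -*|'') return 1 ;;
    esac

    # Split the template on whitespace with globbing disabled, so a literal
    # "*" or "?" in the template is not expanded against the filesystem.
    set -f; set -- $template; set +f
    [ "$#" -gt 0 ] || return 1

    # Append the substituted words after the originals, then shift the
    # originals off. "$url" is appended as exactly one word whatever it holds.
    n=$#
    for word in "$@"; do
        if [ "$word" = "%s" ]; then
            word=$url
        fi
        set -- "$@" "$word"
    done
    shift "$n"

    "$@"
}

# Stand-in for a browser: prints each argument on its own line in brackets,
# so the reader can see how many argv words the command actually received.
show_argv() {
    printf '[%s]\n' "$@"
}

# Constructed URL containing characters a shell would otherwise act on.
run_template 'show_argv --new-tab %s' 'http://example.test/a;b&c=$d'
```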