A flaw was found in units. units_cur doesn't sanitize downloaded data. This allows a maliciously intended server to execute arbitrary code remotely on the client. Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902935 https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1613965.html
Created units tracking bugs for this issue: Affects: fedora-all [bug 1598914]
*** Bug 1598917 has been marked as a duplicate of this bug. ***
Statement: This issue did not affect the versions of units as shipped with Red Hat Enterprise Linux 5, 6, and 7.