Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1467 to the following vulnerability:

CenterIM 4.22.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window."

References:
http://www.milw0rm.com/exploits/5283
http://www.securityfocus.com/bid/28362
http://www.frsirt.com/english/advisories/2008/0956/references
http://secunia.com/advisories/29489
Patch in rawhide. Stables will be updated in about a week, together with Yahoo IM fixes.
centerim-4.22.4-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
centerim-4.22.4-1.fc7.1 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2008-2869
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-2867