| Errata ID | 564 |
|---|---|
| Date | 2018-12-12 |
| Source package | nsis |
| Fixed in version | 2.46-10+deb8u1 |
| Description | This update addresses the following issues: * Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. (CVE-2015-9267) * Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. (CVE-2015-9268) |
| Additional notes | |
| CVE ID | CVE-2015-9267 CVE-2015-9268 |
| UCS Bug number | #48295 |
