PT-2011-3403 · Canonical · Language-Selector
Romain Perier +1 · Published 2011-05-03 · Updated 2017-08-17 · CVE-2011-1842
CVSS v2.0: 7.2 (High)
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
language-selector versions prior to 0.6.7
Description
language-selector does not validate the arguments passed to certain functions, which potentially allows local users to gain privileges by using shell metacharacters in string arguments. The affected functions are SetSystemDefaultLangEnv and SetSystemDefaultLanguageEnv in the D-Bus backend.
Recommendations
For versions prior to 0.6.7, update to version 0.6.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the SetSystemDefaultLangEnv and SetSystemDefaultLanguageEnv functions until a patch is available.
Exploit
Fix
RCE
Weakness Enumeration
Related identifiers
Affected products
Language-Selector