SUSE-SU-2018:1489-1

Опубликовано: 01 июн. 2018

Источник: suse-cvrf

Описание

Security update for bzr

Bzr was updated to fix a security issue:

CVE-2017-14176: Avoid code execution using ssh:// url injection (boo#1058214)

Список пакетов

SUSE Linux Enterprise Software Development Kit 11 SP4

bzr-1.8-3.5.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20181489-1/
Link for SUSE-SU-2018:1489-1
https://lists.suse.com/pipermail/sle-security-updates/2018-June/004107.html
E-Mail link for SUSE-SU-2018:1489-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1058214
SUSE Bug 1058214
https://www.suse.com/security/cve/CVE-2017-14176/
SUSE CVE CVE-2017-14176 page

Описание

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 11 SP4:bzr-1.8-3.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-14176.html
CVE-2017-14176
https://bugzilla.suse.com/1058214
SUSE Bug 1058214
https://bugzilla.suse.com/1071709
SUSE Bug 1071709

SUSE-SU-2018:1489-1

Описание

Список пакетов

SUSE Linux Enterprise Software Development Kit 11 SP4

Ссылки

Уязвимость: CVE-2017-14176

Описание

Затронутые продукты

Ссылки