SUSE-SU-2018:2047-1

Опубликовано: 24 июл. 2018

Источник: suse-cvrf

Описание

Security update for python-dulwich

This update for python-dulwich to version 0.18.5 fixes this security issue:

CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname (bsc#1066430).

For detailed changes please see https://www.dulwich.io/code/dulwich/

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 12

python-dulwich-0.18.5-4.3.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20182047-1/
Link for SUSE-SU-2018:2047-1
https://lists.suse.com/pipermail/sle-security-updates/2018-July/004303.html
E-Mail link for SUSE-SU-2018:2047-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1066430
SUSE Bug 1066430
https://www.suse.com/security/cve/CVE-2017-16228/
SUSE CVE CVE-2017-16228 page

Описание

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.

Затронутые продукты

SUSE Linux Enterprise Module for Public Cloud 12:python-dulwich-0.18.5-4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-16228.html
CVE-2017-16228
https://bugzilla.suse.com/1053364
SUSE Bug 1053364
https://bugzilla.suse.com/1066430
SUSE Bug 1066430
https://bugzilla.suse.com/1071709
SUSE Bug 1071709

SUSE-SU-2018:2047-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 12

Ссылки

Уязвимость: CVE-2017-16228

Описание

Затронутые продукты

Ссылки