Description
Security update for lftp
This update for lftp fixes the following issues:
Security issue fixed:
- CVE-2018-10916: Fixed an improper file name sanitization which could lead to loss of integrity of the local system (bsc#1103367).
Other issue addressed:
- The SSH login handling code detects password prompts more reliably (bsc#1120946).
Package list
SUSE Linux Enterprise Desktop 12 SP3
lftp-4.7.4-3.6.1
SUSE Linux Enterprise Desktop 12 SP4
lftp-4.7.4-3.6.1
SUSE Linux Enterprise Server 12 SP3
lftp-4.7.4-3.6.1
SUSE Linux Enterprise Server 12 SP4
lftp-4.7.4-3.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
lftp-4.7.4-3.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
lftp-4.7.4-3.6.1
References
- Link for SUSE-SU-2019:0642-1
- E-Mail link for SUSE-SU-2019:0642-1
- SUSE Security Ratings
- SUSE Bug 1103367
- SUSE Bug 1120946
- SUSE CVE CVE-2018-10916 page
Description
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user into using reverse mirroring on an attacker-controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.
Affected products
SUSE Linux Enterprise Desktop 12 SP3:lftp-4.7.4-3.6.1
SUSE Linux Enterprise Desktop 12 SP4:lftp-4.7.4-3.6.1
SUSE Linux Enterprise Server 12 SP3:lftp-4.7.4-3.6.1
SUSE Linux Enterprise Server 12 SP4:lftp-4.7.4-3.6.1
References
- CVE-2018-10916
- SUSE Bug 1103367