SUSE-SU-2019:0643-1

Опубликовано: 19 мар. 2019

Источник: suse-cvrf

Описание

Security update for lftp

This update for lftp fixes the following issues: Security issue fixed:

CVE-2018-10916: Fixed an improper file name sanitization which could lead to loss of integrity of the local system (bsc#1103367).

Other issue addressed:

The SSH login handling code detects password prompts more reliably (bsc#1120946).

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15

lftp-4.8.3-4.3.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20190643-1/
Link for SUSE-SU-2019:0643-1
https://www.suse.com/support/update/announcement/2019/suse-su-20190643-1.html
E-Mail link for SUSE-SU-2019:0643-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1103367
SUSE Bug 1103367
https://bugzilla.suse.com/1120946
SUSE Bug 1120946
https://www.suse.com/security/cve/CVE-2018-10916/
SUSE CVE CVE-2018-10916 page

Описание

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15:lftp-4.8.3-4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-10916.html
CVE-2018-10916
https://bugzilla.suse.com/1103367
SUSE Bug 1103367

SUSE-SU-2019:0643-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15

Ссылки

Уязвимость: CVE-2018-10916

Описание

Затронутые продукты

Ссылки