Описание
Security update for osc
This update for osc fixes the following issues:
Security issue fixed:
- CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths (bsc#1122675).
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP5
Ссылки
- Link for SUSE-SU-2020:1528-1
- E-Mail link for SUSE-SU-2020:1528-1
- SUSE Security Ratings
- SUSE Bug 1122675
- SUSE CVE CVE-2019-3681 page
Описание
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .
Затронутые продукты
Ссылки
- CVE-2019-3681
- SUSE Bug 1122675