Описание
Security update for hexchat
This update for hexchat fixes the following issues:
- CVE-2016-2087: A directory traversal was possible if a user could be convinced to connect to a server with a hostname with '..' in its name. (bsc#1020739).
This non-security issue was fixed:
- Add dependency on iso-codes and hwdata as hexchat tries to use them (bsc#1034310)
Список пакетов
SUSE Linux Enterprise Workstation Extension 12 SP5
hexchat-2.12.0-6.5.146
hexchat-lang-2.12.0-6.5.146
Ссылки
- Link for SUSE-SU-2020:2872-1
- E-Mail link for SUSE-SU-2020:2872-1
- SUSE Security Ratings
- SUSE Bug 1020739
- SUSE Bug 1034310
- SUSE CVE CVE-2016-2087 page
Описание
Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
Затронутые продукты
SUSE Linux Enterprise Workstation Extension 12 SP5:hexchat-2.12.0-6.5.146
SUSE Linux Enterprise Workstation Extension 12 SP5:hexchat-lang-2.12.0-6.5.146
Ссылки
- CVE-2016-2087
- SUSE Bug 1020739