SUSE-SU-2021:0800-1

Опубликовано: 16 мар. 2021

Источник: suse-cvrf

Описание

Security update for velocity

This update for velocity fixes the following issues:

CVE-2020-13936: Fixed an arbitrary code execution when attacker is able to modify templates (bsc#1183360).

Список пакетов

SUSE Linux Enterprise Module for Development Tools 15 SP2

velocity-1.7-3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20210800-1/
Link for SUSE-SU-2021:0800-1
https://lists.suse.com/pipermail/sle-security-updates/2021-March/008494.html
E-Mail link for SUSE-SU-2021:0800-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1183360
SUSE Bug 1183360
https://www.suse.com/security/cve/CVE-2020-13936/
SUSE CVE CVE-2020-13936 page

Описание

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

Затронутые продукты

SUSE Linux Enterprise Module for Development Tools 15 SP2:velocity-1.7-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-13936.html
CVE-2020-13936
https://bugzilla.suse.com/1183360
SUSE Bug 1183360

SUSE-SU-2021:0800-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Development Tools 15 SP2

Ссылки

Уязвимость: CVE-2020-13936

Описание

Затронутые продукты

Ссылки