Описание
Security update for open-lldp
This update for open-lldp fixes the following issues:
- CVE-2018-10932: Fixed an improper sanitization of shell-escape codes. (bsc#1104624)
Список пакетов
SUSE Linux Enterprise Server 12 SP5
liblldp_clif1-0.9.46-7.3.1
open-lldp-0.9.46-7.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
liblldp_clif1-0.9.46-7.3.1
open-lldp-0.9.46-7.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5
open-lldp-devel-0.9.46-7.3.1
Ссылки
- Link for SUSE-SU-2021:3520-1
- E-Mail link for SUSE-SU-2021:3520-1
- SUSE Security Ratings
- SUSE Bug 1104624
- SUSE CVE CVE-2018-10932 page
Описание
lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:liblldp_clif1-0.9.46-7.3.1
SUSE Linux Enterprise Server 12 SP5:open-lldp-0.9.46-7.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:liblldp_clif1-0.9.46-7.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-lldp-0.9.46-7.3.1
Ссылки
- CVE-2018-10932
- SUSE Bug 1104624