Описание
Security update for gegl
This update for gegl fixes the following issues:
- CVE-2021-45463: fixed shell expansion via crafted pathname in the ImageMagick convert fallback (bsc#1194045).
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP5
gegl-devel-0.2.0-15.6.1
libgegl-0_2-0-0.2.0-15.6.1
SUSE Linux Enterprise Workstation Extension 12 SP5
gegl-0_2-0.2.0-15.6.1
gegl-0_2-lang-0.2.0-15.6.1
libgegl-0_2-0-0.2.0-15.6.1
Ссылки
- Link for SUSE-SU-2021:4193-1
- E-Mail link for SUSE-SU-2021:4193-1
- SUSE Security Ratings
- SUSE Bug 1194045
- SUSE CVE CVE-2021-45463 page
Описание
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:gegl-devel-0.2.0-15.6.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libgegl-0_2-0-0.2.0-15.6.1
SUSE Linux Enterprise Workstation Extension 12 SP5:gegl-0_2-0.2.0-15.6.1
SUSE Linux Enterprise Workstation Extension 12 SP5:gegl-0_2-lang-0.2.0-15.6.1
Ссылки
- CVE-2021-45463
- SUSE Bug 1194045