Description
Security update for gegl
This update for gegl fixes the following issues:
- CVE-2021-45463: fixed shell expansion via crafted pathname in the ImageMagick convert fallback (bsc#1194045).
Package list
SUSE Linux Enterprise Workstation Extension 15 SP2
gegl-0_3-0.3.34-3.3.1
libgegl-0_3-0-0.3.34-3.3.1
typelib-1_0-Gegl-0_3-0.3.34-3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP3
gegl-0_3-0.3.34-3.3.1
libgegl-0_3-0-0.3.34-3.3.1
typelib-1_0-Gegl-0_3-0.3.34-3.3.1
References
- Link for SUSE-SU-2021:4210-1
- E-Mail link for SUSE-SU-2021:4210-1
- SUSE Security Ratings
- SUSE Bug 1194045
- SUSE CVE CVE-2021-45463 page
Description
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
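The class of bug described above, shown as an added example that is not GEGL source or the SUSE patch: a pathname pasted into a string for `system()` is parsed by the shell, while the same pathname passed as an argv element is not. The function names, the command format and the sample pathname are assumptions constructed for illustration.

```c
/* Added example, not GEGL code: names and command format are assumptions. */
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Constructed sample pathname carrying shell command-substitution syntax. */
const char *SAMPLE_PATH = "img$(touch gegl_marker).png";

/* Pattern the advisory describes: the pathname lands in a string that
 * system() would hand to "/bin/sh -c". Built here only, never executed. */
int shell_cmdline(char *buf, size_t len, const char *src, const char *dst)
{
    return snprintf(buf, len, "convert \"%s\" \"%s\"", src, dst);
}

/* Hardened form: argv reaches the program unparsed, no shell is involved.
 * Returns the child's exit status, or -1 if it could not be run. */
int run_argv(char *const argv[])
{
    pid_t pid;
    int status;
    if (posix_spawnp(&pid, argv[0], NULL, NULL, argv, environ) != 0)
        return -1;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* The convert fallback expressed as an argument vector instead of a string. */
int convert_no_shell(const char *src, const char *dst)
{
    char *const argv[] = { "convert", (char *)src, (char *)dst, NULL };
    return run_argv(argv);
}

int main(void)
{
    char cmd[256];
    char *const probe[] = { "test", "-e", (char *)SAMPLE_PATH, NULL };
    shell_cmdline(cmd, sizeof cmd, SAMPLE_PATH, "out.png");
    printf("sh -c would parse: %s\n", cmd);
    printf("argv probe exit status: %d\n", run_argv(probe));
    printf("marker created: %s\n", access("gegl_marker", F_OK) == 0 ? "yes" : "no");
    return 0;
}
```

The probe uses the standard `test` utility so the block runs without ImageMagick installed; `convert_no_shell` is the same call shape with `convert` as the program.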
Affected products
SUSE Linux Enterprise Workstation Extension 15 SP2:gegl-0_3-0.3.34-3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP2:libgegl-0_3-0-0.3.34-3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP2:typelib-1_0-Gegl-0_3-0.3.34-3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP3:gegl-0_3-0.3.34-3.3.1
References
- CVE-2021-45463
- SUSE Bug 1194045