SUSE-SU-2022:0069-2

Опубликовано: 18 фев. 2022

Источник: suse-cvrf

Описание

Security update for libmspack

This update for libmspack fixes the following issues:

CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection (bsc#1113040).

Список пакетов

Container rancher/elemental-teal-iso/5.4:latest

libmspack0-0.6-3.14.1

Container rancher/elemental-teal-rt/5.3:latest

libmspack0-0.6-3.14.1

Container rancher/elemental-teal-rt/5.4:latest

libmspack0-0.6-3.14.1

Container rancher/elemental-teal/5.3:latest

libmspack0-0.6-3.14.1

Container rancher/elemental-teal/5.4:latest

libmspack0-0.6-3.14.1

Container suse/sle-micro-rancher/5.2:latest

libmspack0-0.6-3.14.1

Container suse/sle-micro-rancher/5.3:latest

libmspack0-0.6-3.14.1

Container suse/sle-micro-rancher/5.4:latest

libmspack0-0.6-3.14.1

Container suse/sle-micro/5.5:latest

libmspack0-0.6-3.14.1

Image SLES15-SAP-Azure-LI-BYOS-Production

libmspack0-0.6-3.14.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

libmspack0-0.6-3.14.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libmspack0-0.6-3.14.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libmspack0-0.6-3.14.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libmspack0-0.6-3.14.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libmspack0-0.6-3.14.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

libmspack0-0.6-3.14.1

Image SLES15-SP4-CHOST-BYOS-SAP-CCloud

libmspack0-0.6-3.14.1

Image SLES15-SP5-CHOST-BYOS-SAP-CCloud

libmspack0-0.6-3.14.1

SUSE Linux Enterprise Real Time 15 SP2

libmspack-devel-0.6-3.14.1

libmspack0-0.6-3.14.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20220069-2/
Link for SUSE-SU-2022:0069-2
https://lists.suse.com/pipermail/sle-security-updates/2022-February/010258.html
E-Mail link for SUSE-SU-2022:0069-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1113040
SUSE Bug 1113040
https://www.suse.com/security/cve/CVE-2018-18586/
SUSE CVE CVE-2018-18586 page

Описание

** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application.

Затронутые продукты

Container rancher/elemental-teal-iso/5.4:latest:libmspack0-0.6-3.14.1

Container rancher/elemental-teal-rt/5.3:latest:libmspack0-0.6-3.14.1

Container rancher/elemental-teal-rt/5.4:latest:libmspack0-0.6-3.14.1

Container rancher/elemental-teal/5.3:latest:libmspack0-0.6-3.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-18586.html
CVE-2018-18586
https://bugzilla.suse.com/1113038
SUSE Bug 1113038
https://bugzilla.suse.com/1113039
SUSE Bug 1113039
https://bugzilla.suse.com/1113040
SUSE Bug 1113040

SUSE-SU-2022:0069-2

Описание

Список пакетов

Container rancher/elemental-teal-iso/5.4:latest

Container rancher/elemental-teal-rt/5.3:latest

Container rancher/elemental-teal-rt/5.4:latest

Container rancher/elemental-teal/5.3:latest

Container rancher/elemental-teal/5.4:latest

Container suse/sle-micro-rancher/5.2:latest

Container suse/sle-micro-rancher/5.3:latest

Container suse/sle-micro-rancher/5.4:latest

Container suse/sle-micro/5.5:latest

Image SLES15-SAP-Azure-LI-BYOS-Production

Image SLES15-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

Image SLES15-SP4-CHOST-BYOS-SAP-CCloud

Image SLES15-SP5-CHOST-BYOS-SAP-CCloud

SUSE Linux Enterprise Real Time 15 SP2

Ссылки

Уязвимость: CVE-2018-18586

Описание

Затронутые продукты

Ссылки