Описание
Security update for libzypp-plugin-appdata
This update for libzypp-plugin-appdata fixes the following issues:
- CVE-2023-22643: Fixed potential shell injection related to malicious repo names (bsc#1206836).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
libzypp-plugin-appdata-1.0.1+git.20180426-150400.18.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
openSUSE-appdata-extra-1.0.1+git.20180426-150400.18.3.1
openSUSE Leap 15.4
libzypp-plugin-appdata-1.0.1+git.20180426-150400.18.3.1
openSUSE-appdata-extra-1.0.1+git.20180426-150400.18.3.1
Ссылки
- Link for SUSE-SU-2023:0095-1
- E-Mail link for SUSE-SU-2023:0095-1
- SUSE Security Ratings
- SUSE Bug 1206836
- SUSE CVE CVE-2023-22643 page
Описание
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:libzypp-plugin-appdata-1.0.1+git.20180426-150400.18.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP4:openSUSE-appdata-extra-1.0.1+git.20180426-150400.18.3.1
openSUSE Leap 15.4:libzypp-plugin-appdata-1.0.1+git.20180426-150400.18.3.1
openSUSE Leap 15.4:openSUSE-appdata-extra-1.0.1+git.20180426-150400.18.3.1
Ссылки
- CVE-2023-22643
- SUSE Bug 1206836