Описание
Security update for libzypp-plugin-appdata
This update for libzypp-plugin-appdata fixes the following issues:
- CVE-2023-22643: Fixed potential shell injection related to malicious repo names (bsc#1206836).
- Added hardening to systemd service (bsc#1181400).
Список пакетов
SUSE Enterprise Storage 6
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Enterprise Storage 7
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Enterprise Storage 7.1
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Linux Enterprise Real Time 15 SP3
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Linux Enterprise Server 15 SP1-LTSS
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
Ссылки
- Link for SUSE-SU-2023:0140-1
- E-Mail link for SUSE-SU-2023:0140-1
- SUSE Security Ratings
- SUSE Bug 1181400
- SUSE Bug 1206836
- SUSE CVE CVE-2023-22643 page
Описание
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.
Затронутые продукты
SUSE Enterprise Storage 6:libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Enterprise Storage 7.1:libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Enterprise Storage 7:libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
Ссылки
- CVE-2023-22643
- SUSE Bug 1206836