exploitDog

openSUSE-SU-2017:0821-1

Опубликовано: 27 мар. 2017

Источник: suse-cvrf

Описание

Security update for qbittorrent

This update to qbittorrent 3.3.11 fixes the security issues and bugs.

The following vulnerabilities were fixed:

CVE-2017-6504: WebUI did not set the X-Frame-Options header (bsc#1028073)
CVE-2017-6503: WebUI did not escape many values, allowing for XSS (bsc#1028072)

Список пакетов

openSUSE Leap 42.1

qbittorrent-3.3.11-2.3.1

qbittorrent-nox-3.3.11-2.3.1

openSUSE Leap 42.2

qbittorrent-3.3.11-2.3.1

qbittorrent-nox-3.3.11-2.3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-03/msg00086.html
E-Mail link for openSUSE-SU-2017:0821-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.

Затронутые продукты

openSUSE Leap 42.1:qbittorrent-3.3.11-2.3.1

openSUSE Leap 42.1:qbittorrent-nox-3.3.11-2.3.1

openSUSE Leap 42.2:qbittorrent-3.3.11-2.3.1

openSUSE Leap 42.2:qbittorrent-nox-3.3.11-2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-6503.html
CVE-2017-6503
https://bugzilla.suse.com/1028072
SUSE Bug 1028072

Описание

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.

Затронутые продукты

openSUSE Leap 42.1:qbittorrent-3.3.11-2.3.1

openSUSE Leap 42.1:qbittorrent-nox-3.3.11-2.3.1

openSUSE Leap 42.2:qbittorrent-3.3.11-2.3.1

openSUSE Leap 42.2:qbittorrent-nox-3.3.11-2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-6504.html
CVE-2017-6504
https://bugzilla.suse.com/1028073
SUSE Bug 1028073