openSUSE-SU-2017:2483-1

Опубликовано: 15 сент. 2017

Источник: suse-cvrf

Описание

Security update for cvs

This update for cvs fixes the following issues:

CVE-2017-12836: A leading dash in the argument of the '-d' option could lead to argument injection (bsc#1053364)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.2

cvs-1.12.12-188.1

cvs-doc-1.12.12-188.1

openSUSE Leap 42.3

cvs-1.12.12-188.1

cvs-doc-1.12.12-188.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-09/msg00067.html
E-Mail link for openSUSE-SU-2017:2483-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."

Затронутые продукты

openSUSE Leap 42.2:cvs-1.12.12-188.1

openSUSE Leap 42.2:cvs-doc-1.12.12-188.1

openSUSE Leap 42.3:cvs-1.12.12-188.1

openSUSE Leap 42.3:cvs-doc-1.12.12-188.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-12836.html
CVE-2017-12836
https://bugzilla.suse.com/1052481
SUSE Bug 1052481
https://bugzilla.suse.com/1052696
SUSE Bug 1052696
https://bugzilla.suse.com/1052932
SUSE Bug 1052932
https://bugzilla.suse.com/1053364
SUSE Bug 1053364
https://bugzilla.suse.com/1066430
SUSE Bug 1066430
https://bugzilla.suse.com/1071709
SUSE Bug 1071709

openSUSE-SU-2017:2483-1

Описание

Список пакетов

openSUSE Leap 42.2

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-12836

Описание

Затронутые продукты

Ссылки