Description
Security update for spice-vdagent
This update for spice-vdagent provides the following fixes:
This security issue was fixed:
- CVE-2017-15108: Properly escape the save directory that is passed to the shell, to prevent a local attacker with access to the session the agent runs in from injecting arbitrary commands to be executed (bsc#1070724).
This non-security issue was fixed:
- Implement endian swapping, required for big-endian guests to connect to the spice client successfully. (bsc#1012215)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Package list
openSUSE Leap 42.3
spice-vdagent-0.16.0-8.1
References
- E-Mail link for openSUSE-SU-2018:0399-1
- SUSE Security Ratings
Description
spice-vdagent up to and including 0.17.0 does not properly escape the save directory before passing it to the shell, allowing a local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
Affected products
openSUSE Leap 42.3:spice-vdagent-0.16.0-8.1
References
- CVE-2017-15108
- SUSE Bug 1070724