Описание
Security update for git-annex
This update for git-annex to version 6.20180626 fixes the following issues:
- CVE-2018-10857: Prevent file content disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes and glacier (bsc#1098062).
- CVE-2018-10859: Prevent local gpg encrypted file disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes (bsc#1098364).
This update brings many other bug fixes and new features. http://hackage.haskell.org/package/git-annex-6.20180626/changelog has a detailed list of changes.
Список пакетов
SUSE Package Hub for SUSE Linux Enterprise 12
Ссылки
- E-Mail link for openSUSE-SU-2018:1896-1
- SUSE Security Ratings
Описание
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.
Затронутые продукты
Ссылки
- CVE-2018-10857
- SUSE Bug 1098062
- SUSE Bug 1098364
Описание
git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex
Затронутые продукты
Ссылки
- CVE-2018-10859
- SUSE Bug 1098062
- SUSE Bug 1098364