openSUSE-SU-2018:2213-1

Опубликовано: 06 авг. 2018

Источник: suse-cvrf

Описание

Security update for python-dulwich

This update for python-dulwich to version 0.18.5 fixes this security issue:

CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname (bsc#1066430).

For detailed changes please see https://www.dulwich.io/code/dulwich/

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.3

python-dulwich-0.18.5-11.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00014.html
E-Mail link for openSUSE-SU-2018:2213-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.

Затронутые продукты

openSUSE Leap 42.3:python-dulwich-0.18.5-11.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-16228.html
CVE-2017-16228
https://bugzilla.suse.com/1053364
SUSE Bug 1053364
https://bugzilla.suse.com/1066430
SUSE Bug 1066430
https://bugzilla.suse.com/1071709
SUSE Bug 1071709

openSUSE-SU-2018:2213-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-16228

Описание

Затронутые продукты

Ссылки