openSUSE-SU-2019:1110-1

Опубликовано: 02 апр. 2019

Источник: suse-cvrf

Описание

Security update for lftp

This update for lftp fixes the following issues: Security issue fixed:

CVE-2018-10916: Fixed an improper file name sanitization which could lead to loss of integrity of the local system (bsc#1103367).

Other issue addressed:

The SSH login handling code detects password prompts more reliably (bsc#1120946).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

lftp-4.8.3-lp150.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZZFM7KI5WN2TTJGW46TEIEVSEIISQ7N3/#ZZFM7KI5WN2TTJGW46TEIEVSEIISQ7N3
E-Mail link for openSUSE-SU-2019:1110-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1103367
SUSE Bug 1103367
https://bugzilla.suse.com/1120946
SUSE Bug 1120946
https://www.suse.com/security/cve/CVE-2018-10916/
SUSE CVE CVE-2018-10916 page

Описание

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.

Затронутые продукты

openSUSE Leap 15.0:lftp-4.8.3-lp150.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-10916.html
CVE-2018-10916
https://bugzilla.suse.com/1103367
SUSE Bug 1103367

openSUSE-SU-2019:1110-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-10916

Описание

Затронутые продукты

Ссылки