exploitDog

openSUSE-SU-2019:1388-1

Опубликовано: 13 мая 2019

Источник: suse-cvrf

Описание

Security update for signing-party

This update for signing-party fixes the following issues:

CVE-2019-11627: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID.

Список пакетов

openSUSE Leap 15.0

signing-party-2.7-lp150.5.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P4LBOOSAOJK2GYZYJAKYSNCQP7DX2WIN/#P4LBOOSAOJK2GYZYJAKYSNCQP7DX2WIN
E-Mail link for openSUSE-SU-2019:1388-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1134040
SUSE Bug 1134040
https://www.suse.com/security/cve/CVE-2019-11627/
SUSE CVE CVE-2019-11627 page

Описание

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.

Затронутые продукты

openSUSE Leap 15.0:signing-party-2.7-lp150.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11627.html
CVE-2019-11627
https://bugzilla.suse.com/1134040
SUSE Bug 1134040