openSUSE-SU-2019:2005-1

Опубликовано: 24 авг. 2019

Источник: suse-cvrf

Описание

Security update for qbittorrent

This update for qbittorrent fixes the following issues:

CVE-2019-13640: avoid command injection (boo#1141967)

Список пакетов

openSUSE Leap 15.1

qbittorrent-4.1.5-lp151.2.3.1

qbittorrent-nox-4.1.5-lp151.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EW6WWV35733OOWXPWMSCFWN2PZDOHPSF/#EW6WWV35733OOWXPWMSCFWN2PZDOHPSF
E-Mail link for openSUSE-SU-2019:2005-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1141967
SUSE Bug 1141967
https://www.suse.com/security/cve/CVE-2019-13640/
SUSE CVE CVE-2019-13640 page

Описание

In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed.

Затронутые продукты

openSUSE Leap 15.1:qbittorrent-4.1.5-lp151.2.3.1

openSUSE Leap 15.1:qbittorrent-nox-4.1.5-lp151.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-13640.html
CVE-2019-13640
https://bugzilla.suse.com/1141967
SUSE Bug 1141967

openSUSE-SU-2019:2005-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-13640

Описание

Затронутые продукты

Ссылки