openSUSE-SU-2020:1289-1

Опубликовано: 30 авг. 2020

Источник: suse-cvrf

Описание

Security update for librepo

This update for librepo fixes the following issues:

Fixed path validation to prevent directory traversal attacks (bsc#1175475, CVE-2020-14352)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2

librepo-devel-1.11.2-lp152.2.3.1

librepo0-1.11.2-lp152.2.3.1

python3-librepo-1.11.2-lp152.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2DH6WGXDJ45VIW5OBGKBLRE3HPNE3IPY/
E-Mail link for openSUSE-SU-2020:1289-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1175475
SUSE Bug 1175475
https://www.suse.com/security/cve/CVE-2020-14352/
SUSE CVE CVE-2020-14352 page

Описание

A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.

Затронутые продукты

openSUSE Leap 15.2:librepo-devel-1.11.2-lp152.2.3.1

openSUSE Leap 15.2:librepo0-1.11.2-lp152.2.3.1

openSUSE Leap 15.2:python3-librepo-1.11.2-lp152.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-14352.html
CVE-2020-14352
https://bugzilla.suse.com/1175475
SUSE Bug 1175475

openSUSE-SU-2020:1289-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-14352

Описание

Затронутые продукты

Ссылки