openSUSE-SU-2020:1723-1

Опубликовано: 24 окт. 2020

Источник: suse-cvrf

Описание

Security update for kleopatra

This update for kleopatra fixes the following issues:

CVE-2020-24972: Add upstream patch to prevent potential arbitrary code execution (boo#1177932):

Список пакетов

openSUSE Leap 15.1

kleopatra-18.12.3-lp151.2.4.1

kleopatra-lang-18.12.3-lp151.2.4.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RRTOAQZYRJGZCDQTVPMX6ZS3EROBU7BS/
E-Mail link for openSUSE-SU-2020:1723-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1177932
SUSE Bug 1177932
https://www.suse.com/security/cve/CVE-2020-24972/
SUSE CVE CVE-2020-24972 page

Описание

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.

Затронутые продукты

openSUSE Leap 15.1:kleopatra-18.12.3-lp151.2.4.1

openSUSE Leap 15.1:kleopatra-lang-18.12.3-lp151.2.4.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-24972.html
CVE-2020-24972
https://bugzilla.suse.com/1177932
SUSE Bug 1177932

openSUSE-SU-2020:1723-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-24972

Описание

Затронутые продукты

Ссылки