openSUSE-SU-2020:1736-1

Опубликовано: 25 окт. 2020

Источник: suse-cvrf

Описание

Security update for atftp

This update for atftp fixes the following issues:

[boo#1176437, CVE-2020-6097] A specially crafted sequence of RRQ-Multicast requests can trigger an assert() call resulting denial-of-service.

Список пакетов

openSUSE Leap 15.2

atftp-0.7.2-lp152.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PPGJC4KDV5O45BCXYYD3DHEOMQTSWOLQ/
E-Mail link for openSUSE-SU-2020:1736-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1176437
SUSE Bug 1176437
https://www.suse.com/security/cve/CVE-2020-6097/
SUSE CVE CVE-2020-6097 page

Описание

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

Затронутые продукты

openSUSE Leap 15.2:atftp-0.7.2-lp152.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-6097.html
CVE-2020-6097
https://bugzilla.suse.com/1176437
SUSE Bug 1176437

openSUSE-SU-2020:1736-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-6097

Описание

Затронутые продукты

Ссылки