openSUSE-SU-2021:0516-1

Опубликовано: 07 апр. 2021

Источник: suse-cvrf

Описание

Security update for isync

This update for isync fixes the following issues:

isync was updated to version 1.3.5
CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB (boo#1182488)

Список пакетов

openSUSE Leap 15.2

isync-1.3.5-lp152.4.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JHTHLJJZ7MOC6CJIECK5ALGTVO4U32PO/
E-Mail link for openSUSE-SU-2021:0516-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1182488
SUSE Bug 1182488
https://www.suse.com/security/cve/CVE-2021-20247/
SUSE CVE CVE-2021-20247 page

Описание

A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.

Затронутые продукты

openSUSE Leap 15.2:isync-1.3.5-lp152.4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-20247.html
CVE-2021-20247
https://bugzilla.suse.com/1182488
SUSE Bug 1182488

openSUSE-SU-2021:0516-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-20247

Описание

Затронутые продукты

Ссылки