openSUSE-SU-2021:0605-1

Опубликовано: 23 апр. 2021

Источник: suse-cvrf

Описание

Security update for apache-commons-io

This update for apache-commons-io fixes the following issues:

CVE-2021-29425: Limited path traversal when invoking the method FileNameUtils.normalize with an improper input string (bsc#1184755)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2

apache-commons-io-2.6-lp152.2.3.1

apache-commons-io-javadoc-2.6-lp152.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UIQCDUGRMCM4KVIIQEW45HTWGY6U3D2F/
E-Mail link for openSUSE-SU-2021:0605-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1184755
SUSE Bug 1184755
https://www.suse.com/security/cve/CVE-2021-29425/
SUSE CVE CVE-2021-29425 page

Описание

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Затронутые продукты

openSUSE Leap 15.2:apache-commons-io-2.6-lp152.2.3.1

openSUSE Leap 15.2:apache-commons-io-javadoc-2.6-lp152.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-29425.html
CVE-2021-29425
https://bugzilla.suse.com/1184755
SUSE Bug 1184755

openSUSE-SU-2021:0605-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-29425

Описание

Затронутые продукты

Ссылки