openSUSE-SU-2021:1170-1

Опубликовано: 20 авг. 2021

Источник: suse-cvrf

Описание

Security update for isync

This update for isync fixes the following issues:

Update to version 1.3.6

This is a security release that fixes CVE-2021-3578.

Список пакетов

openSUSE Leap 15.2

isync-1.3.6-lp152.4.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6A6P63QN4YYJFZ5R2SZQBKXYFGDXZYW4/
E-Mail link for openSUSE-SU-2021:1170-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1186939
SUSE Bug 1186939
https://www.suse.com/security/cve/CVE-2021-3578/
SUSE CVE CVE-2021-3578 page

Описание

A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.

Затронутые продукты

openSUSE Leap 15.2:isync-1.3.6-lp152.4.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3578.html
CVE-2021-3578
https://bugzilla.suse.com/1186939
SUSE Bug 1186939

openSUSE-SU-2021:1170-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-3578

Описание

Затронутые продукты

Ссылки