Описание
Security update for haserl
This update for haserl fixes the following issues:
Update to version 0.9.36:
- Fixed: Its possible to issue a PUT request without a CONTENT-TYPE. Assume an octet-stream in that case. This is CVE-2021-29133 and boo#1187671
- Change the Prefix for variables to be the REQUEST_METHOD (PUT/DELETE/GET/POST) THIS IS A BREAKING CHANGE
- Mitigations vs running haserl to get access to files not available to the user.
Список пакетов
SUSE Package Hub 15 SP1
haserl-0.9.36-bp153.2.3.1
SUSE Package Hub 15 SP2
haserl-0.9.36-bp153.2.3.1
SUSE Package Hub 15 SP3
haserl-0.9.36-bp153.2.3.1
openSUSE Leap 15.2
haserl-0.9.36-bp153.2.3.1
openSUSE Leap 15.3
haserl-0.9.36-bp153.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2021:1279-1
- SUSE Security Ratings
- SUSE Bug 1187671
- SUSE CVE CVE-2021-29133 page
Описание
Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.
Затронутые продукты
SUSE Package Hub 15 SP1:haserl-0.9.36-bp153.2.3.1
SUSE Package Hub 15 SP2:haserl-0.9.36-bp153.2.3.1
SUSE Package Hub 15 SP3:haserl-0.9.36-bp153.2.3.1
openSUSE Leap 15.2:haserl-0.9.36-bp153.2.3.1
Ссылки
- CVE-2021-29133
- SUSE Bug 1187671