openSUSE-SU-2021:4209-1

Published: 31 Dec 2021
Source: suse-cvrf

Description

Security update for gegl

This update for gegl fixes the following issues:

  • CVE-2021-45463: fixed shell expansion via crafted pathname in the ImageMagick convert fallback (bsc#1194045).

Package list

openSUSE Leap 15.3
gegl-0.4.16-3.3.1
gegl-0_4-0.4.16-3.3.1
gegl-0_4-lang-0.4.16-3.3.1
gegl-devel-0.4.16-3.3.1
gegl-doc-0.4.16-3.3.1
libgegl-0_4-0-0.4.16-3.3.1
libgegl-0_4-0-32bit-0.4.16-3.3.1
typelib-1_0-Gegl-0_4-0.4.16-3.3.1

Description

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.


Affected products
openSUSE Leap 15.3:gegl-0.4.16-3.3.1
openSUSE Leap 15.3:gegl-0_4-0.4.16-3.3.1
openSUSE Leap 15.3:gegl-0_4-lang-0.4.16-3.3.1
openSUSE Leap 15.3:gegl-devel-0.4.16-3.3.1

References