openSUSE-SU-2021:4210-1

Опубликовано: 31 дек. 2021

Источник: suse-cvrf

Описание

Security update for gegl

This update for gegl fixes the following issues:

CVE-2021-45463: fixed shell expansion via crafted pathname in the ImageMagick convert fallback (bsc#1194045).

Список пакетов

openSUSE Leap 15.3

gegl-0_3-0.3.34-3.3.1

gegl-0_3-lang-0.3.34-3.3.1

libgegl-0_3-0-0.3.34-3.3.1

typelib-1_0-Gegl-0_3-0.3.34-3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RX6HXJTBZCMRDZYVM6S3UTQCHL44WX35/
E-Mail link for openSUSE-SU-2021:4210-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1194045
SUSE Bug 1194045
https://www.suse.com/security/cve/CVE-2021-45463/
SUSE CVE CVE-2021-45463 page

Описание

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

Затронутые продукты

openSUSE Leap 15.3:gegl-0_3-0.3.34-3.3.1

openSUSE Leap 15.3:gegl-0_3-lang-0.3.34-3.3.1

openSUSE Leap 15.3:libgegl-0_3-0-0.3.34-3.3.1

openSUSE Leap 15.3:typelib-1_0-Gegl-0_3-0.3.34-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-45463.html
CVE-2021-45463
https://bugzilla.suse.com/1194045
SUSE Bug 1194045

openSUSE-SU-2021:4210-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-45463

Описание

Затронутые продукты

Ссылки