exploitDog

openSUSE-SU-2022:10178-1

Опубликовано: 31 окт. 2022

Источник: suse-cvrf

Описание

Security update for jhead

This update for jhead fixes the following issues:

CVE-2022-41751: Fixed shell injection via filenames (boo#1204409)

Список пакетов

SUSE Package Hub 15 SP3

jhead-3.00-bp153.3.3.1

openSUSE Leap 15.3

jhead-3.00-bp153.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HFMTRO5RSDHT5PY4FQHOWNZRZQHNYXPB/
E-Mail link for openSUSE-SU-2022:10178-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1204409
SUSE Bug 1204409
https://www.suse.com/security/cve/CVE-2022-41751/
SUSE CVE CVE-2022-41751 page

Описание

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.

Затронутые продукты

SUSE Package Hub 15 SP3:jhead-3.00-bp153.3.3.1

openSUSE Leap 15.3:jhead-3.00-bp153.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-41751.html
CVE-2022-41751
https://bugzilla.suse.com/1204409
SUSE Bug 1204409