Oval Definition:
oval:com.ubuntu.cosmic:def:2017148040000000
Revision Date
:
2018-03-01
Version
:
1
Title
:
CVE-2017-14804 on Ubuntu 18.10 (cosmic) - medium.
Description
:
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
Family
:
unix
Class
:
vulnerability
Status
:
Reference(s)
:
CVE-2017-14804
Platform(s)
:
Ubuntu 18.10
Product(s)
:
Definition Synopsis
Ubuntu 18.10 (cosmic) is installed.
AND
obs-build package in cosmic, is related to the CVE in some way and has been fixed (note: '20180302-3').
BACK