Oval Definition:
oval:com.ubuntu.disco:def:2017148040000000
Revision Date
:
2018-03-01
Version
:
1
Title
:
CVE-2017-14804 on Ubuntu 19.04 (disco) - medium.
Description
:
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
Family
:
unix
Class
:
vulnerability
Status
:
Reference(s)
:
CVE-2017-14804
Platform(s)
:
Ubuntu 19.04
Product(s)
:
Definition Synopsis
Ubuntu 19.04 (disco) is installed.
AND
obs-build package in disco, is related to the CVE in some way and has been fixed (note: '20180302-3').
BACK