Oval Definition:oval:org.opensuse.security:def:202014352
Revision Date:2022-06-30Version:1
Title:CVE-2020-14352
Description:

A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2020-14352
openSUSE-SU-2020:1289-1
openSUSE-SU-2020:1428-1
Mitre CVE-2020-14352
SUSE CVE-2020-14352
openSUSE-SU-2020:1289-1
openSUSE-SU-2020:1428-1
openSUSE-SU-2021:0277-1
openSUSE-SU-2021:0295-1
Platform(s):openSUSE Leap 15.2
openSUSE Leap 15.3 SLE Imports
openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
SUSE Package Hub for SUSE Linux Enterprise 15 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • librepo-1.11.2-3.4 is installed
  • OR librepo-devel-1.11.2-3.4 is installed
  • OR librepo0-1.11.2-3.4 is installed
  • OR python3-librepo-1.11.2-3.4 is installed
    • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • librepo-devel-1.12.1-lp152.2.6.1 is installed
  • AND librepo-devel is signed with openSUSE key
  • OR
  • librepo0-1.12.1-lp152.2.6.1 is installed
  • AND librepo0 is signed with openSUSE key
  • OR
  • python3-librepo-1.12.1-lp152.2.6.1 is installed
  • AND python3-librepo is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 15.3 SLE Imports is installed
  • AND Package Information
  • librepo-devel-1.12.1-3.7.1 is installed
  • AND librepo-devel is signed with openSUSE key
  • OR
  • librepo0-1.12.1-3.7.1 is installed
  • AND librepo0 is signed with openSUSE key
  • OR
  • python3-librepo-1.12.1-3.7.1 is installed
  • AND python3-librepo is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • librepo-devel-1.14.2-1.2 is installed
  • OR librepo0-1.14.2-1.2 is installed
  • OR python3-librepo-1.14.2-1.2 is installed
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP2 is installed
  • AND Package Information
  • librepo-devel-1.12.1-bp152.2.6.1 is installed
  • OR librepo0-1.12.1-bp152.2.6.1 is installed
  • OR python3-librepo-1.12.1-bp152.2.6.1 is installed
    • BACK