
Mageia: 2020-0429 Moderate: librepo Directory Traversal Threat

November 21, 2020
Mageia 2020-0429 addresses a security vulnerability in librepo that could lead to unauthorized access, jeopardizing the integrity of the system.

Summary

It was discovered that librepo was subject to a directory traversal vulnerability where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files (CVE-2020-14352).
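
The class of check whose absence the summary describes, as an added example: this is not librepo's code or its actual fix, and the function name `href_stays_in_destdir` is hypothetical. It validates a relative location taken from untrusted repository metadata before it is joined to the destination directory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not librepo's API): returns true only if `href`,
 * a relative location read from untrusted repository metadata, still
 * names something below the destination directory once joined to it.
 * The check is purely lexical: it does not resolve symlinks on disk.
 * A stricter policy would reject any ".." component outright. */
bool href_stays_in_destdir(const char *href)
{
    if (href == NULL || *href == '\0')
        return false;                   /* no location given */
    if (href[0] == '/')
        return false;                   /* absolute path ignores destdir */

    int depth = 0;                      /* levels below destdir so far */
    const char *p = href;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of current component */
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return false;           /* climbed above destdir */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                    /* ordinary name: one level down */
        }                               /* "" and "." leave depth as is */
        p += len;
        if (*p == '/')
            p++;                        /* step over the separator */
    }
    return depth > 0;                   /* must not resolve to destdir itself */
}

int main(void)
{
    /* Constructed sample locations, not taken from a real repository. */
    const char *samples[] = {
        "repodata/primary.xml.gz",
        "repodata/../../outside/file",
        "/outside/file",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-30s %s\n", samples[i],
               href_stays_in_destdir(samples[i]) ? "accept" : "reject");
    return 0;
}
```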

References

- https://bugs.mageia.org/show_bug.cgi?id=27241

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/33RX4P5R5YL4NZSFSE4NOX37X6YCXAS4/

- https://access.redhat.com/errata/RHSA-2020:5012

- https://www.cve.org/CVERecord?id=CVE-2020-14352

Resolution

SRPMS

- 7/core/librepo-1.10.3-1.1.mga7

Publication date: 21 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0429.html
Type: security
CVE: CVE-2020-14352
