openSUSE: 2022:10095-1 Critical: Nim Security Update Announcement

August 24, 2022
A crucial patch addresses several security flaws in Nim for openSUSE. Ensure your system remains protected by applying the most recent updates.
An update that fixes 9 vulnerabilities is now available

Description

This update for nim fixes the following issues:

Includes upstream security fixes for:

* (boo#1175333, CVE-2020-15693) httpClient is vulnerable to a CR-LF injection
* (boo#1175334, CVE-2020-15692) mishandling of the argument to browsers.openDefaultBrowser
* (boo#1175332, CVE-2020-15694) httpClient.get().contentLength() fails to properly validate the server response
* (boo#1192712, CVE-2021-41259) null byte accepted in getContent function, leading to URI validation bypass
* (boo#1185948, CVE-2021-29495) stdlib httpClient does not validate peer certificates by default
* (boo#1185085, CVE-2021-21374) Improper verification of the SSL/TLS certificate
* (boo#1185084, CVE-2021-21373) "nimble refresh" falls back to a non-TLS URL in case of error
* (boo#1185083, CVE-2021-21372) doCmd can be leveraged to execute arbitrary commands
* (boo#1181705, CVE-2020-15690) Standard library asyncftpclient lacks a check for newline...

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP3:

zypper in -t patch openSUSE-2022-10095=1

Package List

- openSUSE Backports SLE-15-SP3 (aarch64 ppc64le x86_64):

nim-1.6.6-bp153.2.3.1
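To confirm a host actually carries the fixed build after patching, the following check compares the installed nim version-release against the one in the package list above. It is an added example, not part of the SUSE advisory; the function names are hypothetical, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: verify that the installed nim package is at or above the
# fixed build named in this advisory. Function names are hypothetical.

FIXED='1.6.6-bp153.2.3.1'      # version-release from the advisory's package list
PATCH='openSUSE-2022-10095'    # patch name from the advisory's zypper command

# nim_is_patched VERSION-RELEASE
# Returns 0 if the given version-release is >= FIXED, 1 if older, 2 if empty.
# Assumption: GNU `sort -V` ordering approximates RPM's comparison, which
# holds for dotted numeric version-release strings like the one above.
nim_is_patched() {
    nip_installed=$1
    [ -n "$nip_installed" ] || return 2
    nip_lowest=$(printf '%s\n%s\n' "$FIXED" "$nip_installed" | sort -V | head -n 1)
    # If FIXED sorts first (or the two are equal), the installed build is new enough.
    [ "$nip_lowest" = "$FIXED" ]
}

# check_host: query the local RPM database and report patch status.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available"; return 2; }
    if ! ch_ver=$(rpm -q --qf '%{VERSION}-%{RELEASE}' nim 2>/dev/null); then
        echo "nim is not installed; nothing to patch"
        return 0
    fi
    if nim_is_patched "$ch_ver"; then
        echo "OK: nim $ch_ver includes the fixes (>= $FIXED)"
    else
        echo "VULNERABLE: nim $ch_ver < $FIXED; run: zypper in -t patch $PATCH=1"
        return 1
    fi
}

# Run the host check only when invoked with --check.
if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it with `--check` on each openSUSE Backports SLE-15-SP3 host; a non-zero exit status marks a host that still needs the patch.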

References

https://www.suse.com/security/cve/CVE-2020-15690.html

https://www.suse.com/security/cve/CVE-2020-15692.html

https://www.suse.com/security/cve/CVE-2020-15693.html

https://www.suse.com/security/cve/CVE-2020-15694.html

https://www.suse.com/security/cve/CVE-2021-21372.html

https://www.suse.com/security/cve/CVE-2021-21373.html

https://www.suse.com/security/cve/CVE-2021-21374.html

https://www.suse.com/security/cve/CVE-2021-29495.html

https://www.suse.com/security/cve/CVE-2021-41259.html

https://bugzilla.suse.com/1175332

https://bugzilla.suse.com/1175333

https://bugzilla.suse.com/1175334

https://bugzilla.suse.com/1181705

https://bugzilla.suse.com/1185083

https://bugzilla.suse.com/1185084

https://bugzilla.suse.com/1185085

https://bugzilla.suse.com/1185948

https://bugzilla.suse.com/1192712

Severity
important

Announcement ID: openSUSE-SU-2022:10095-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP3.
