http://bugzilla.opensuse.org/show_bug.cgi?id=1175475

Bug ID: 1175475
Summary: VUL-0: CVE-2020-14352: librepo: missing path validation in repomd.xml may lead to directory traversal
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: Other
URL: https://smash.suse.de/issue/265258/
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
Assignee: christian.voegl@suse.com
Reporter: rfrohl@suse.com
QA Contact: security-team@suse.de
CC: pth@suse.com
Found By: Security Response Team
Blocker: ---

rh#1866498

Librepo fails to sanitize paths in the 'repomd.xml' configuration file. Malformed or malicious repository metadata could allow a remote attacker to copy files outside of the destination directory via path traversal. Considering that DNF runs as root, this flaw could potentially result in system compromise via arbitrary file overwriting of critical system files.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1866498
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14352
https://access.redhat.com/security/cve/CVE-2020-14352

-- 
You are receiving this mail because: You are on the CC list for the bug.
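The missing check described above is a lexical validation of the `<location href="...">` value from repomd.xml before it is joined onto the download destination directory. The following is an added example written for this report, not librepo's own code or its actual fix: the function names, the sample hrefs and the destination directory are constructed, and the href is assumed to be already percent-decoded.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reject any repomd.xml href that could escape the destination directory:
 * empty values, absolute paths, backslashes, URL schemes and any ".."
 * path component. Everything else is treated as a plain relative path. */
static bool repomd_href_is_safe(const char *href)
{
    if (href == NULL || href[0] == '\0')
        return false;
    if (href[0] == '/' || strchr(href, '\\') != NULL)
        return false;
    if (strstr(href, "://") != NULL)      /* a URL, not a relative path */
        return false;
    for (const char *p = href; *p != '\0'; ) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;                 /* parent-directory component */
        if (end == NULL)
            break;
        p = end + 1;
    }
    return true;
}

/* Join destdir and href only after the href passed validation.
 * Returns a malloc'd path, or NULL when the href was rejected. */
static char *repomd_build_dest_path(const char *destdir, const char *href)
{
    if (!repomd_href_is_safe(href))
        return NULL;
    size_t n = strlen(destdir) + 1 + strlen(href) + 1;
    char *out = malloc(n);
    if (out != NULL)
        snprintf(out, n, "%s/%s", destdir, href);
    return out;
}

int main(void)
{
    /* Constructed sample hrefs: one benign, the rest would leave destdir. */
    const char *samples[] = { "repodata/primary.xml.gz", "../../outside.txt",
                              "/outside.txt", "repodata/../../outside.txt" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *dest = repomd_build_dest_path("/var/cache/repo", samples[i]);
        printf("%-32s -> %s\n", samples[i], dest ? dest : "REJECTED");
        free(dest);
    }
    return 0;
}
```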