kiwi: multiple vulnerabilities

Package(s): kiwi
CVE #(s): CVE-2011-2225 CVE-2011-2226 CVE-2011-2644 CVE-2011-2645 CVE-2011-2646 CVE-2011-2647 CVE-2011-2648 CVE-2011-2649 CVE-2011-2650 CVE-2011-2651 CVE-2011-2652
Created: August 18, 2011
Updated: December 15, 2011
Description: From the SUSE advisory:

SUSE Studio was prone to several cross-site-scripting (XSS) and shell quoting issues.

  • CVE-2011-2652 - XSS vulnerability in overlay files: bad escaping archive file list
  • CVE-2011-2651 - Remote code execution via crafted filename in file browser
  • CVE-2011-2650 - XSS vulnerability when displaying RPM info (pattern name)
  • CVE-2011-2649 - Unwanted shell expansion when executing commands in FileUtils fix
  • CVE-2011-2648 - Arbitrary code execution via filters in modified files
  • CVE-2011-2647 - studio: Remote code execution via crafted archive name in testdrive's modified files
  • CVE-2011-2646 - studio: Remote code execution via crafted filename in testdrive's modified files
  • CVE-2011-2645 - Remote code execution via crafted custom RPM filename
  • CVE-2011-2644 - XSS vulnerability in displaying RPM info
  • CVE-2011-2226 - XSS vulnerability when displaying pattern listing
  • CVE-2011-2225 - Overlay directory paths are not properly escaped before inclusion into

SUSE   SUSE-SU-2011:1324-1   SUSE Studio Onsite 1.2 and kiwi   2011-12-15
SUSE   SUSE-SU-2011:0917-1   kiwi                              2011-08-18


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds