Lucene search
CentOS ProjectCESA-2020:5012HistoryNov 18, 2020 - 5:38 p.m.
librepo, python security update
2020-11-1817:38:35
CentOS Project
lists.centos.org
829
0.002 Low
EPSS
Percentile
55.0%
CentOS Errata and Security Advisory CESA-2020:5012
The librepo library provides a C and Python API to download repository metadata.
Security Fix(es):
- librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2020-November/085976.html
Affected packages:
librepo
librepo-devel
python-librepo
Upstream details at:
https://access.redhat.com/errata/RHSA-2020:5012
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 7 | i686 | librepo | < 1.8.1-8.el7_9 | librepo-1.8.1-8.el7_9.i686.rpm |
| CentOS | 7 | x86_64 | librepo | < 1.8.1-8.el7_9 | librepo-1.8.1-8.el7_9.x86_64.rpm |
| CentOS | 7 | i686 | librepo-devel | < 1.8.1-8.el7_9 | librepo-devel-1.8.1-8.el7_9.i686.rpm |
| CentOS | 7 | x86_64 | librepo-devel | < 1.8.1-8.el7_9 | librepo-devel-1.8.1-8.el7_9.x86_64.rpm |
| CentOS | 7 | x86_64 | python-librepo | < 1.8.1-8.el7_9 | python-librepo-1.8.1-8.el7_9.x86_64.rpm |
Related
nessus
nessus
EulerOS Virtualization 2.9.0 : librepo (EulerOS-SA-2021-1655)
2021-03-11 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: createrepo_c-0.16.1-2.fc32
2020-10-18 15:50:32
[SECURITY] Fedora 32 Update: dnf-4.4.0-1.fc32
2020-10-18 15:50:34
[SECURITY] Fedora 33 Update: dnf-plugins-core-4.0.18-1.fc33
2020-10-27 01:21:31
osv
osv
CVE-2020-14352
2020-08-30 15:15:12
openvas
openvas
Fedora: Security Advisory for dnf (FEDORA-2020-5d9f0ce2b3)
2020-10-19 00:00:00
Fedora: Security Advisory for livecd-tools (FEDORA-2020-b40fc174b5)
2020-10-27 00:00:00
Fedora: Security Advisory for librepo (FEDORA-2020-7906a64449)
2020-10-19 00:00:00
redhat
redhat
(RHSA-2020:3756) Important: librepo security update
2020-09-15 16:17:35
(RHSA-2020:5012) Moderate: librepo security update
2020-11-10 09:39:39
(RHSA-2020:3658) Important: librepo security update
2020-09-08 08:37:04
redhatcve
redhatcve
CVE-2020-14352
2020-08-13 11:43:31
suse
suse
Security update for librepo (important)
2021-02-15 00:00:00
Security update for librepo (important)
2020-09-18 00:00:00
Security update for librepo (important)
2020-08-30 00:00:00
oraclelinux
oraclelinux
librepo security update
2020-09-09 00:00:00
librepo security update
2020-11-12 00:00:00
amazon
amazon
Important: librepo
2020-12-08 20:55:00
cbl_mariner
cbl_mariner
CVE-2020-14352 affecting package librepo 1.11.0-4
2020-11-30 19:30:42
rosalinux
rosalinux
Advisory ROSA-SA-2021-1886
2021-07-02 17:16:21
mageia
mageia
Updated librepo packages fix a security vulnerability
2020-11-21 15:21:00
cvelist
cvelist
CVE-2020-14352
2020-08-30 13:55:27
prion
prion
Design/Logic Flaw
2020-08-30 15:15:00
cve
cve
CVE-2020-14352
2020-08-30 15:15:00
veracode
veracode
Directory Traversal
2020-09-09 01:47:25
photon
photon
Important Photon OS Security Update - PHSA-2020-0164
2020-11-23 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0164
2020-11-23 00:00:00
