42 matches found
MiracleLinux 8 : librepo-1.11.0-3.el8 (AXSA:2020-543:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-543:01 advisory. librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352) CVE-2020-14352: A flaw was found in librepo in versions before...
Alibaba Cloud Linux 3 : 0087: librepo (ALINUX3-SA-2021:0087)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0087 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-14352: A flaw was found in librepo in...
SUSE CVE-2020-14352
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system v...
Mageia: Security Advisory (MGASA-2020-0429)
The remote host is missing an update for the...
NewStart CGSL CORE 5.05 / MAIN 5.05 : librepo Vulnerability (NS-SA-2021-0170)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has librepo packages installed that are affected by a vulnerability: - A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository...
Advisory ROSA-SA-2021-1886
Software: librepo 1.8.1; OS: Cobalt 7.9; CVE-ID: CVE-2020-14352; CVE-Crit: HIGH; CVE-DESC: A bug was discovered in librepo in versions prior to 1.12.1. A directory traversal vulnerability was discovered where paths in remote repository metadata were not sanitized. An attacker controlling a remote...
openSUSE: Security Advisory for librepo (openSUSE-SU-2021:0277-1)
The remote host is missing an update for the...
Huawei EulerOS: Security Advisory for librepo (EulerOS-SA-2021-1607)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for librepo (EulerOS-SA-2021-1655)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.9.1 : librepo (EulerOS-SA-2021-1607)
According to the version of the librepo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize pat...
NewStart CGSL CORE 5.04 / MAIN 5.04 : librepo Vulnerability (NS-SA-2021-0049)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has librepo packages installed that are affected by a vulnerability: - A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository...
OESA-2021-1055 librepo security update
A library providing a C and Python (libcURL-like) API for downloading repository metadata. Security Fixes: A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a...
CentOS 8 : librepo (CESA-2020:3658)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:3658 advisory. - librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352) Note that Nessus has not tested for this issue but has instead...
Virtuozzo 7 : librepo / librepo-devel / python-librepo (VZLSA-2020-5012)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5012 advisory. - librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352) Note that Nessus has not tested for this issue but ha...
Important: librepo
Issue Overview: A flaw was found in librepo. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path...
Amazon Linux 2 : librepo (ALAS-2020-1568)
The version of librepo installed on the remote host is prior to 1.8.1-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1568 advisory. A flaw was found in librepo. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository...
CVE-2020-14352 affecting package librepo 1.11.0-4
CVE-2020-14352 affecting package librepo 1.11.0-4. A patched version of the package is available...
Huawei EulerOS: Security Advisory for librepo (EulerOS-SA-2020-2480)
The remote host is missing an update for the Huawei EulerOS...
librepo, python security update
CentOS Errata and Security Advisory CESA-2020:5012 An update for librepo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CentOS 7 : librepo (RHSA-2020:5012)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5012 advisory. - A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository...