SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-95

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-95

Security update for libzypp-plugin-appdata

Type: security

Severity: important

Issued: 2023-01-17

Description:

This update for libzypp-plugin-appdata fixes the following issues:

- CVE-2023-22643: Fixed potential shell injection related to malicious repo names (bsc#1206836).

References

CVE: CVE-2023-22643
Bugzilla: 1206836 VUL-0: CVE-2023-22643: EMBARGOED: libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls

Packages

libzypp-plugin-appdata-1.0.1+git.20180426-150400.18.3.1