SUSE Package Hub - openSUSE-2021-1279

Update Info

openSUSE-2021-1279

Security update for haserl

Type: security

Severity: moderate

Issued: 2021-09-16

Description:

This update for haserl fixes the following issues:

Update to version 0.9.36:

* Fixed: Its possible to issue a PUT request without a CONTENT-TYPE.
  Assume an octet-stream in that case.
  This is CVE-2021-29133 and boo#1187671
* Change the Prefix for variables to be the REQUEST_METHOD
  (PUT/DELETE/GET/POST) THIS IS A BREAKING CHANGE
* Mitigations vs running haserl to get access to files not
  available to the user.

References

CVE: CVE-2021-29133
Bugzilla: 1187671 VUL-0: CVE-2021-29133: haserl: information disclosure due to setuid binaries

Packages

haserl-0.9.36-bp153.2.3.1