Synopsis
Important: librepo security update
Type/Severity
Security Advisory: Important
Topic
An update for librepo is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The librepo library provides a C and Python API to download repository metadata.
Security Fix(es):
- librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
-
Red Hat Enterprise Linux for x86_64 8 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
-
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 8 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
-
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
-
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
-
Red Hat Enterprise Linux for ARM 64 8 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
-
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
-
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
Fixes
-
BZ - 1866498
- CVE-2020-14352 librepo: missing path validation in repomd.xml may lead to directory traversal
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 8
SRPM |
librepo-1.11.0-3.el8_2.src.rpm
|
SHA-256: ed14edd76424937fc0593dff3aa573e95b9a5252c84c012ebb10cbc4ec4ef98b |
x86_64 |
librepo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: dea4e4deca24251f05fdf3cb7b5dc78099f92df1d6d828416157b550d25ad5fd |
librepo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: 5625727f60b2600767ad77647c468fa535be7db05c1c5a4c19c19a9b050ad69c |
librepo-debuginfo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: 73b204bb7513ff5dd9502e2bc779056b36330a3dc7d917aa84d1bc1ef08aa6ba |
librepo-debuginfo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: fc6b875f0fe62cdb5efff596c972d44d2a1f3d5a3d40acb988a95dc2fc6be3b9 |
librepo-debugsource-1.11.0-3.el8_2.i686.rpm
|
SHA-256: fb72142d9f907dbad979080348efdc78ed146e093b7cf8dca8478eb510625141 |
librepo-debugsource-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: 8b8ec5b01aee7c7f2088352a7d4787e25ecad19b311371f19f940baba73717d3 |
python3-librepo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: f623cc38f5fc796781723a2d1d7b94d6e5f425642a98d2a5429f4dd9d5b27686 |
python3-librepo-debuginfo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: 25a0d1d1f4e29b065780a0ecec01f72d8230963f87dee6bebc8e6b8efc79703c |
python3-librepo-debuginfo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: bc8eb6ff4337f3f6dce7e107fd50ffcebf35e7bb7068e69c22d949be3a0376ce |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2
SRPM |
librepo-1.11.0-3.el8_2.src.rpm
|
SHA-256: ed14edd76424937fc0593dff3aa573e95b9a5252c84c012ebb10cbc4ec4ef98b |
x86_64 |
librepo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: dea4e4deca24251f05fdf3cb7b5dc78099f92df1d6d828416157b550d25ad5fd |
librepo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: 5625727f60b2600767ad77647c468fa535be7db05c1c5a4c19c19a9b050ad69c |
librepo-debuginfo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: 73b204bb7513ff5dd9502e2bc779056b36330a3dc7d917aa84d1bc1ef08aa6ba |
librepo-debuginfo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: fc6b875f0fe62cdb5efff596c972d44d2a1f3d5a3d40acb988a95dc2fc6be3b9 |
librepo-debugsource-1.11.0-3.el8_2.i686.rpm
|
SHA-256: fb72142d9f907dbad979080348efdc78ed146e093b7cf8dca8478eb510625141 |
librepo-debugsource-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: 8b8ec5b01aee7c7f2088352a7d4787e25ecad19b311371f19f940baba73717d3 |
python3-librepo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: f623cc38f5fc796781723a2d1d7b94d6e5f425642a98d2a5429f4dd9d5b27686 |
python3-librepo-debuginfo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: 25a0d1d1f4e29b065780a0ecec01f72d8230963f87dee6bebc8e6b8efc79703c |
python3-librepo-debuginfo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: bc8eb6ff4337f3f6dce7e107fd50ffcebf35e7bb7068e69c22d949be3a0376ce |
Red Hat Enterprise Linux Server - AUS 8.2
SRPM |
librepo-1.11.0-3.el8_2.src.rpm
|
SHA-256: ed14edd76424937fc0593dff3aa573e95b9a5252c84c012ebb10cbc4ec4ef98b |
x86_64 |
librepo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: dea4e4deca24251f05fdf3cb7b5dc78099f92df1d6d828416157b550d25ad5fd |
librepo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: 5625727f60b2600767ad77647c468fa535be7db05c1c5a4c19c19a9b050ad69c |
librepo-debuginfo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: 73b204bb7513ff5dd9502e2bc779056b36330a3dc7d917aa84d1bc1ef08aa6ba |
librepo-debuginfo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: fc6b875f0fe62cdb5efff596c972d44d2a1f3d5a3d40acb988a95dc2fc6be3b9 |
librepo-debugsource-1.11.0-3.el8_2.i686.rpm
|
SHA-256: fb72142d9f907dbad979080348efdc78ed146e093b7cf8dca8478eb510625141 |
librepo-debugsource-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: 8b8ec5b01aee7c7f2088352a7d4787e25ecad19b311371f19f940baba73717d3 |
python3-librepo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: f623cc38f5fc796781723a2d1d7b94d6e5f425642a98d2a5429f4dd9d5b27686 |
python3-librepo-debuginfo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: 25a0d1d1f4e29b065780a0ecec01f72d8230963f87dee6bebc8e6b8efc79703c |
python3-librepo-debuginfo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: bc8eb6ff4337f3f6dce7e107fd50ffcebf35e7bb7068e69c22d949be3a0376ce |
Red Hat Enterprise Linux for IBM z Systems 8
SRPM |
librepo-1.11.0-3.el8_2.src.rpm
|
SHA-256: ed14edd76424937fc0593dff3aa573e95b9a5252c84c012ebb10cbc4ec4ef98b |
s390x |
librepo-1.11.0-3.el8_2.s390x.rpm
|
SHA-256: cda8ffdb62b75c6e79157c0f29008ffb5c55d590e9ad113ec14463ae2f90e10f |
librepo-debuginfo-1.11.0-3.el8_2.s390x.rpm
|
SHA-256: ba332f2c699029166b289553ef8cb6af9e29ebe4f1c186a332a52a4ff29f19ff |
librepo-debugsource-1.11.0-3.el8_2.s390x.rpm
|
SHA-256: 12090e82f2c18d502899ee4cf8ffd3d84a46bc5707f5169e176fe774c3373c5f |
python3-librepo-1.11.0-3.el8_2.s390x.rpm
|
SHA-256: c272aa786b3c2374500a527e954c91315b656d7b5f99ff22c882b41e4b7e7c0a |
python3-librepo-debuginfo-1.11.0-3.el8_2.s390x.rpm
|
SHA-256: 6b8479dd2bbdf99fc26cea4e27813f45cffcaac697a896c8a9f9200496caef2b |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2
SRPM |
librepo-1.11.0-3.el8_2.src.rpm
|
SHA-256: ed14edd76424937fc0593dff3aa573e95b9a5252c84c012ebb10cbc4ec4ef98b |
s390x |
librepo-1.11.0-3.el8_2.s390x.rpm
|
SHA-256: cda8ffdb62b75c6e79157c0f29008ffb5c55d590e9ad113ec14463ae2f90e10f |
librepo-debuginfo-1.11.0-3.el8_2.s390x.rpm
|
SHA-256: ba332f2c699029166b289553ef8cb6af9e29ebe4f1c186a332a52a4ff29f19ff |
librepo-debugsource-1.11.0-3.el8_2.s390x.rpm
|
SHA-256: 12090e82f2c18d502899ee4cf8ffd3d84a46bc5707f5169e176fe774c3373c5f |
python3-librepo-1.11.0-3.el8_2.s390x.rpm
|
SHA-256: c272aa786b3c2374500a527e954c91315b656d7b5f99ff22c882b41e4b7e7c0a |
python3-librepo-debuginfo-1.11.0-3.el8_2.s390x.rpm
|
SHA-256: 6b8479dd2bbdf99fc26cea4e27813f45cffcaac697a896c8a9f9200496caef2b |
Red Hat Enterprise Linux for Power, little endian 8
SRPM |
librepo-1.11.0-3.el8_2.src.rpm
|
SHA-256: ed14edd76424937fc0593dff3aa573e95b9a5252c84c012ebb10cbc4ec4ef98b |
ppc64le |
librepo-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 826ec9a108e0b6f5b0b2a180f1e5b36252c1b333a0c62183dad6b91d2a66660e |
librepo-debuginfo-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 8316cd73342ca47abc2ac0b050a80daea291a6c241ff043378f3995b022c87b7 |
librepo-debugsource-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 197f4cc38b582904a3d2d6071192058beeef4a1ebe41ad5c4cc465294c9d9d22 |
python3-librepo-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 79e12f6afd029b7de91ec6f718bdcdb249724c79dea90973f9ddd1510408277b |
python3-librepo-debuginfo-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 031b696815a9d48da17d4673355e2f5e6225d568f957a18fb21ddfd75adbcc23 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2
SRPM |
librepo-1.11.0-3.el8_2.src.rpm
|
SHA-256: ed14edd76424937fc0593dff3aa573e95b9a5252c84c012ebb10cbc4ec4ef98b |
ppc64le |
librepo-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 826ec9a108e0b6f5b0b2a180f1e5b36252c1b333a0c62183dad6b91d2a66660e |
librepo-debuginfo-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 8316cd73342ca47abc2ac0b050a80daea291a6c241ff043378f3995b022c87b7 |
librepo-debugsource-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 197f4cc38b582904a3d2d6071192058beeef4a1ebe41ad5c4cc465294c9d9d22 |
python3-librepo-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 79e12f6afd029b7de91ec6f718bdcdb249724c79dea90973f9ddd1510408277b |
python3-librepo-debuginfo-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 031b696815a9d48da17d4673355e2f5e6225d568f957a18fb21ddfd75adbcc23 |
Red Hat Enterprise Linux Server - TUS 8.2
SRPM |
librepo-1.11.0-3.el8_2.src.rpm
|
SHA-256: ed14edd76424937fc0593dff3aa573e95b9a5252c84c012ebb10cbc4ec4ef98b |
x86_64 |
librepo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: dea4e4deca24251f05fdf3cb7b5dc78099f92df1d6d828416157b550d25ad5fd |
librepo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: 5625727f60b2600767ad77647c468fa535be7db05c1c5a4c19c19a9b050ad69c |
librepo-debuginfo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: 73b204bb7513ff5dd9502e2bc779056b36330a3dc7d917aa84d1bc1ef08aa6ba |
librepo-debuginfo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: fc6b875f0fe62cdb5efff596c972d44d2a1f3d5a3d40acb988a95dc2fc6be3b9 |
librepo-debugsource-1.11.0-3.el8_2.i686.rpm
|
SHA-256: fb72142d9f907dbad979080348efdc78ed146e093b7cf8dca8478eb510625141 |
librepo-debugsource-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: 8b8ec5b01aee7c7f2088352a7d4787e25ecad19b311371f19f940baba73717d3 |
python3-librepo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: f623cc38f5fc796781723a2d1d7b94d6e5f425642a98d2a5429f4dd9d5b27686 |
python3-librepo-debuginfo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: 25a0d1d1f4e29b065780a0ecec01f72d8230963f87dee6bebc8e6b8efc79703c |
python3-librepo-debuginfo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: bc8eb6ff4337f3f6dce7e107fd50ffcebf35e7bb7068e69c22d949be3a0376ce |
Red Hat Enterprise Linux for ARM 64 8
SRPM |
librepo-1.11.0-3.el8_2.src.rpm
|
SHA-256: ed14edd76424937fc0593dff3aa573e95b9a5252c84c012ebb10cbc4ec4ef98b |
aarch64 |
librepo-1.11.0-3.el8_2.aarch64.rpm
|
SHA-256: 73bbeb49c7bfc4c5280f07ec77edefb496f07092347b8063ae13e8c8d6015f55 |
librepo-debuginfo-1.11.0-3.el8_2.aarch64.rpm
|
SHA-256: e88919c6d830fd53a62cfe2a3c2e93ba31119cdcf227be866535956329d04be2 |
librepo-debugsource-1.11.0-3.el8_2.aarch64.rpm
|
SHA-256: f9e86af04226ab649ac65463b2f310b3718108205b45d0df8d4050b9f83668d1 |
python3-librepo-1.11.0-3.el8_2.aarch64.rpm
|
SHA-256: 1655b2f5054594ef8ecd63af98f3695eabd310242ccae9dd24599e011dcf135f |
python3-librepo-debuginfo-1.11.0-3.el8_2.aarch64.rpm
|
SHA-256: 28426ca233c43ba8abe3f18e7d0fcca8a5f32edde0f89364b450a710b59a92bd |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2
SRPM |
librepo-1.11.0-3.el8_2.src.rpm
|
SHA-256: ed14edd76424937fc0593dff3aa573e95b9a5252c84c012ebb10cbc4ec4ef98b |
aarch64 |
librepo-1.11.0-3.el8_2.aarch64.rpm
|
SHA-256: 73bbeb49c7bfc4c5280f07ec77edefb496f07092347b8063ae13e8c8d6015f55 |
librepo-debuginfo-1.11.0-3.el8_2.aarch64.rpm
|
SHA-256: e88919c6d830fd53a62cfe2a3c2e93ba31119cdcf227be866535956329d04be2 |
librepo-debugsource-1.11.0-3.el8_2.aarch64.rpm
|
SHA-256: f9e86af04226ab649ac65463b2f310b3718108205b45d0df8d4050b9f83668d1 |
python3-librepo-1.11.0-3.el8_2.aarch64.rpm
|
SHA-256: 1655b2f5054594ef8ecd63af98f3695eabd310242ccae9dd24599e011dcf135f |
python3-librepo-debuginfo-1.11.0-3.el8_2.aarch64.rpm
|
SHA-256: 28426ca233c43ba8abe3f18e7d0fcca8a5f32edde0f89364b450a710b59a92bd |
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2
SRPM |
librepo-1.11.0-3.el8_2.src.rpm
|
SHA-256: ed14edd76424937fc0593dff3aa573e95b9a5252c84c012ebb10cbc4ec4ef98b |
ppc64le |
librepo-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 826ec9a108e0b6f5b0b2a180f1e5b36252c1b333a0c62183dad6b91d2a66660e |
librepo-debuginfo-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 8316cd73342ca47abc2ac0b050a80daea291a6c241ff043378f3995b022c87b7 |
librepo-debugsource-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 197f4cc38b582904a3d2d6071192058beeef4a1ebe41ad5c4cc465294c9d9d22 |
python3-librepo-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 79e12f6afd029b7de91ec6f718bdcdb249724c79dea90973f9ddd1510408277b |
python3-librepo-debuginfo-1.11.0-3.el8_2.ppc64le.rpm
|
SHA-256: 031b696815a9d48da17d4673355e2f5e6225d568f957a18fb21ddfd75adbcc23 |
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2
SRPM |
librepo-1.11.0-3.el8_2.src.rpm
|
SHA-256: ed14edd76424937fc0593dff3aa573e95b9a5252c84c012ebb10cbc4ec4ef98b |
x86_64 |
librepo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: dea4e4deca24251f05fdf3cb7b5dc78099f92df1d6d828416157b550d25ad5fd |
librepo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: 5625727f60b2600767ad77647c468fa535be7db05c1c5a4c19c19a9b050ad69c |
librepo-debuginfo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: 73b204bb7513ff5dd9502e2bc779056b36330a3dc7d917aa84d1bc1ef08aa6ba |
librepo-debuginfo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: fc6b875f0fe62cdb5efff596c972d44d2a1f3d5a3d40acb988a95dc2fc6be3b9 |
librepo-debugsource-1.11.0-3.el8_2.i686.rpm
|
SHA-256: fb72142d9f907dbad979080348efdc78ed146e093b7cf8dca8478eb510625141 |
librepo-debugsource-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: 8b8ec5b01aee7c7f2088352a7d4787e25ecad19b311371f19f940baba73717d3 |
python3-librepo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: f623cc38f5fc796781723a2d1d7b94d6e5f425642a98d2a5429f4dd9d5b27686 |
python3-librepo-debuginfo-1.11.0-3.el8_2.i686.rpm
|
SHA-256: 25a0d1d1f4e29b065780a0ecec01f72d8230963f87dee6bebc8e6b8efc79703c |
python3-librepo-debuginfo-1.11.0-3.el8_2.x86_64.rpm
|
SHA-256: bc8eb6ff4337f3f6dce7e107fd50ffcebf35e7bb7068e69c22d949be3a0376ce |