Red Hat Product Errata RHSA-2020:3749 - Security Advisory
Issued: 2020-09-15
Updated: 2020-09-15


Synopsis

Important: librepo security update

Type/Severity

Security Advisory: Important

Topic

An update for librepo is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The librepo library provides a C and Python API to download repository metadata.

Security Fix(es):

  • librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 1866498 - CVE-2020-14352 librepo: missing path validation in repomd.xml may lead to directory traversal

CVEs

  • CVE-2020-14352

References

  • https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1

SRPM
librepo-1.10.3-4.el8_1.src.rpm SHA-256: 743793a0456a8a420ab75c11e995f59ca0bef00bd2cdf46587a1f82c7dec6f82
x86_64
librepo-1.10.3-4.el8_1.i686.rpm SHA-256: fb8780e80678d0b87225b12157f2358d687633dee7ae54f4c4eb53314ce957a7
librepo-1.10.3-4.el8_1.x86_64.rpm SHA-256: 7ab45774eb7f5483f75e070fd4583d878d2c156016e3536ad6047b795b3a77eb
librepo-debuginfo-1.10.3-4.el8_1.i686.rpm SHA-256: 235f00edb2703c968b0fa10ba2de36144fb5a7d2cfe106c64c541a5823319aac
librepo-debuginfo-1.10.3-4.el8_1.x86_64.rpm SHA-256: 5f97b88f06f4dfd7d0f3fad39dfe4fd63eee238d2c3c85ea7e610fbea5c86063
librepo-debugsource-1.10.3-4.el8_1.i686.rpm SHA-256: d7a9a94ebf96789177568435af24b0dffcd2880531eb9d217c02d07186eb85b4
librepo-debugsource-1.10.3-4.el8_1.x86_64.rpm SHA-256: 57545ed412ead3de4ce3ec38a87c0f13cc53fc21ef2a34298c62bcdc681f3757
python3-librepo-1.10.3-4.el8_1.x86_64.rpm SHA-256: 03b266d53345618c78e413ab7da369e53515f55ffaa72c4b6b9f0415bdb1008f
python3-librepo-debuginfo-1.10.3-4.el8_1.i686.rpm SHA-256: 0d41b04563f002543dd53b52e55820c56bde46279a892e2915b14119df983645
python3-librepo-debuginfo-1.10.3-4.el8_1.x86_64.rpm SHA-256: 367339c9c4c714e6ac048fa48e1fa65fd0a2aa7f269fdbb61c3193e574f72c94

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1

SRPM
librepo-1.10.3-4.el8_1.src.rpm SHA-256: 743793a0456a8a420ab75c11e995f59ca0bef00bd2cdf46587a1f82c7dec6f82
s390x
librepo-1.10.3-4.el8_1.s390x.rpm SHA-256: 644d172d034d45fcfa22d2c9c7b1cfe2f25c1943a7f0696aa3301f3ead5da14b
librepo-debuginfo-1.10.3-4.el8_1.s390x.rpm SHA-256: 167d93380df9a1c2375cf8a0559c89c1df9a36691a16fc1f13c5c336cf8220f2
librepo-debugsource-1.10.3-4.el8_1.s390x.rpm SHA-256: 3e9e149b0c4ec6b94e8f895b1e954ff013f58f793b282418073ad83566c4827f
python3-librepo-1.10.3-4.el8_1.s390x.rpm SHA-256: c03873f0ec063797ea4feeca9158d5b2ebd4ca890ed66b88a98dbfd78bd39431
python3-librepo-debuginfo-1.10.3-4.el8_1.s390x.rpm SHA-256: 127c766fbabcfe9f5cf313f97a72afa60c04206bd36ddf848749d11e5be5f92f

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1

SRPM
librepo-1.10.3-4.el8_1.src.rpm SHA-256: 743793a0456a8a420ab75c11e995f59ca0bef00bd2cdf46587a1f82c7dec6f82
ppc64le
librepo-1.10.3-4.el8_1.ppc64le.rpm SHA-256: 4f7328d04c3a5479018b582f5b01699c9ab3146a965d72f2d585ba7c467cb425
librepo-debuginfo-1.10.3-4.el8_1.ppc64le.rpm SHA-256: 51607185c47ca759c228c18795f3b7510f9707f70e46d22173bd6acf41568914
librepo-debugsource-1.10.3-4.el8_1.ppc64le.rpm SHA-256: ea483b39315cb061098708ac7b46803d89ce584c2441246145d265b7f7e16778
python3-librepo-1.10.3-4.el8_1.ppc64le.rpm SHA-256: 64ec9f981fdca4c5427e887a0107fe7e21e63064779bfb24aeead89c78f4ce1b
python3-librepo-debuginfo-1.10.3-4.el8_1.ppc64le.rpm SHA-256: 40cb2e2c35dc62a18f400b9ddf83b8629efa4a1726b458d1247a865289a9f815

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1

SRPM
librepo-1.10.3-4.el8_1.src.rpm SHA-256: 743793a0456a8a420ab75c11e995f59ca0bef00bd2cdf46587a1f82c7dec6f82
aarch64
librepo-1.10.3-4.el8_1.aarch64.rpm SHA-256: 14918864b6c31b271e16034a09bb23af549a909237d7fad686924e6c35e2e9c5
librepo-debuginfo-1.10.3-4.el8_1.aarch64.rpm SHA-256: 9859576378afec606a92bed36eaca1da53e647e48a4c9034266f1999dbf20dd3
librepo-debugsource-1.10.3-4.el8_1.aarch64.rpm SHA-256: 8ec672fdd26bbec2dac53f5ce49ca3b525c14e25809d7834f8a26488cc04e970
python3-librepo-1.10.3-4.el8_1.aarch64.rpm SHA-256: 340b831321266768c8532ae2ecb2aa409e942e21c7c022635b91f803bedfc0a3
python3-librepo-debuginfo-1.10.3-4.el8_1.aarch64.rpm SHA-256: 55f5d54681eb18f98816461df5f4e94eff1db443e0b55c7a7eef86a2de49132d

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM
librepo-1.10.3-4.el8_1.src.rpm SHA-256: 743793a0456a8a420ab75c11e995f59ca0bef00bd2cdf46587a1f82c7dec6f82
ppc64le
librepo-1.10.3-4.el8_1.ppc64le.rpm SHA-256: 4f7328d04c3a5479018b582f5b01699c9ab3146a965d72f2d585ba7c467cb425
librepo-debuginfo-1.10.3-4.el8_1.ppc64le.rpm SHA-256: 51607185c47ca759c228c18795f3b7510f9707f70e46d22173bd6acf41568914
librepo-debugsource-1.10.3-4.el8_1.ppc64le.rpm SHA-256: ea483b39315cb061098708ac7b46803d89ce584c2441246145d265b7f7e16778
python3-librepo-1.10.3-4.el8_1.ppc64le.rpm SHA-256: 64ec9f981fdca4c5427e887a0107fe7e21e63064779bfb24aeead89c78f4ce1b
python3-librepo-debuginfo-1.10.3-4.el8_1.ppc64le.rpm SHA-256: 40cb2e2c35dc62a18f400b9ddf83b8629efa4a1726b458d1247a865289a9f815

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM
librepo-1.10.3-4.el8_1.src.rpm SHA-256: 743793a0456a8a420ab75c11e995f59ca0bef00bd2cdf46587a1f82c7dec6f82
x86_64
librepo-1.10.3-4.el8_1.i686.rpm SHA-256: fb8780e80678d0b87225b12157f2358d687633dee7ae54f4c4eb53314ce957a7
librepo-1.10.3-4.el8_1.x86_64.rpm SHA-256: 7ab45774eb7f5483f75e070fd4583d878d2c156016e3536ad6047b795b3a77eb
librepo-debuginfo-1.10.3-4.el8_1.i686.rpm SHA-256: 235f00edb2703c968b0fa10ba2de36144fb5a7d2cfe106c64c541a5823319aac
librepo-debuginfo-1.10.3-4.el8_1.x86_64.rpm SHA-256: 5f97b88f06f4dfd7d0f3fad39dfe4fd63eee238d2c3c85ea7e610fbea5c86063
librepo-debugsource-1.10.3-4.el8_1.i686.rpm SHA-256: d7a9a94ebf96789177568435af24b0dffcd2880531eb9d217c02d07186eb85b4
librepo-debugsource-1.10.3-4.el8_1.x86_64.rpm SHA-256: 57545ed412ead3de4ce3ec38a87c0f13cc53fc21ef2a34298c62bcdc681f3757
python3-librepo-1.10.3-4.el8_1.x86_64.rpm SHA-256: 03b266d53345618c78e413ab7da369e53515f55ffaa72c4b6b9f0415bdb1008f
python3-librepo-debuginfo-1.10.3-4.el8_1.i686.rpm SHA-256: 0d41b04563f002543dd53b52e55820c56bde46279a892e2915b14119df983645
python3-librepo-debuginfo-1.10.3-4.el8_1.x86_64.rpm SHA-256: 367339c9c4c714e6ac048fa48e1fa65fd0a2aa7f269fdbb61c3193e574f72c94

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
