Overview

File _patchinfo of Package patchinfo.10640

<patchinfo incident="10640">
  <issue tracker="bnc" id="1092206">openwsman Web Directories Listable Vulnerability</issue>
  <issue tracker="bnc" id="1122623">VUL-0: CVE-2019-3816, CVE-2019-3833: openwsman: Information disclosure and denial of service in openwsman</issue>
  <issue tracker="cve" id="2019-3816"/>
  <issue tracker="cve" id="2019-3833"/>
  <category>security</category>
  <rating>important</rating>
  <packager>adamm</packager>
  <description>This update for openwsman fixes the following issues:

Security issues fixed:

- CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623).
- CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite
  loop which leads to Denial of Service (bsc#1122623).

Other issues addressed:
  
- Added OpenSSL 1.1 compatibility
- Compilation in debug mode fixed
- Directory listing without authentication fixed (bsc#1092206).
</description>
  <summary>Security update for openwsman</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places