Red Hat Enterprise Linux security fix CVE-2020-14352

I was in charge of integration test to deliver to Red Hat Enterprise Linux customers Security Advisory RHSA-2020:3658 (CVE-2020-14352 fix) public released on 8 Sep 2020.

Red Hat Product Security has rated this update as having a security impact of Important.

Security fix:

  • librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352)

Common Vulnerability Scoring System (CVSS) v3 Score Details:

  • Red Hat: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • NVD: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H