openSUSE Security Update : python-dulwich (openSUSE-2018-801)
High Nessus Plugin ID 111563
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for python-dulwich to version 0.18.5 fixes this security issue :
- CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname (bsc#1066430).
For detailed changes please see https://www.dulwich.io/code/dulwich/ This update was imported from the SUSE:SLE-12:Update update project.
SolutionUpdate the affected python-dulwich packages.