PT-2017-19143 · Yocto · Poky

Published

2017-06-16

Updated

2017-07-05

CVE-2017-9731

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Poky in poky-pyro versions 17.0.0 through YP Core - Pyro 2.3

Description The issue allows attackers to obtain sensitive information by reading a URL in a Source entry in an ipk package. This is related to the meta/classes/package ipk.bbclass in Poky for the Yocto Project.

Recommendations For versions 17.0.0 through YP Core - Pyro 2.3, update to a version that includes the fix for this issue to prevent sensitive information disclosure.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-9731

Affected Products

Poky

PT-2017-19143 · Yocto · Poky

CVE-2017-9731

Weakness Enumeration

Related Identifiers

Affected Products

References · 3