Security: Multiple issues in OBS
Name: Multiple issues in OBS
ID: openSUSE-SU-2017:3259-1
Distribution: SUSE
Platforms: SUSE openSUSE Leap 42.2, SUSE openSUSE Leap 42.3
Date: Sat, 9 December 2017, 13:54
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9274

Original message

 
   openSUSE Security Update: Security update for the OBS toolchain
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:3259-1
Rating:             important
References:         #1059858 #1061500 #1069904 #665768 #938556 
                    
Cross-References:   CVE-2010-4226 CVE-2017-14804 CVE-2017-9274
                   
Affected Products:
                    openSUSE Leap 42.3
                    openSUSE Leap 42.2
______________________________________________________________________________

   An update that solves three vulnerabilities and has two
   fixes is now available.

Description:

   This OBS toolchain update fixes the following issues:

   Package 'build':

   - CVE-2010-4226: force use of bsdtar for VMs (bnc#665768)
   - CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)
   - switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit
     to foo-32bit-debuginfo (fate#323217)

   Package 'obs-service-source_validator':
   - CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from
     a spec (bnc#938556).
   - Update to version 0.7
   - use spec_query instead of output_versions using the specfile parser from
     the build package (boo#1059858)

   Package 'osc':
   - update to version 0.162.0
   - add Recommends: ca-certificates to enable TLS verification without
     manually installing them. (bnc#1061500)

   This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2017-1360=1

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-1360=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.3 (noarch):

      build-20171128-5.1
      build-initvm-i586-20171128-5.1
      build-initvm-x86_64-20171128-5.1
      build-mkbaselibs-20171128-5.1
      build-mkdrpms-20171128-5.1
      obs-service-source_validator-0.7-16.1
      osc-0.162.0-10.1

   - openSUSE Leap 42.2 (noarch):

      build-20171128-2.6.1
      build-initvm-i586-20171128-2.6.1
      build-initvm-x86_64-20171128-2.6.1
      build-mkbaselibs-20171128-2.6.1
      build-mkdrpms-20171128-2.6.1
      obs-service-source_validator-0.7-13.6.1
      osc-0.162.0-7.7.1


References:

   https://www.suse.com/security/cve/CVE-2010-4226.html
   https://www.suse.com/security/cve/CVE-2017-14804.html
   https://www.suse.com/security/cve/CVE-2017-9274.html
   https://bugzilla.suse.com/1059858
   https://bugzilla.suse.com/1061500
   https://bugzilla.suse.com/1069904
   https://bugzilla.suse.com/665768
   https://bugzilla.suse.com/938556
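
A way to confirm that a Leap 42.3 host carries the fixed packages from the package list above. This is an added example, not part of the SUSE announcement: `ver_lt`, `check_installed` and the sample host data are hypothetical names and constructed values, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Fixed versions for openSUSE Leap 42.3, copied from the advisory's package
# list as "name version-release".
FIXED_423='build 20171128-5.1
build-initvm-i586 20171128-5.1
build-initvm-x86_64 20171128-5.1
build-mkbaselibs 20171128-5.1
build-mkdrpms 20171128-5.1
obs-service-source_validator 0.7-16.1
osc 0.162.0-10.1'

# Constructed sample of what a host might report; the older versions and the
# bash entry are made up for illustration.
SAMPLE='build 20170320-1.1
osc 0.162.0-10.1
obs-service-source_validator 0.6-14.1
bash 4.3-83.5.2'

# ver_lt A B: succeed when A is strictly older than B.
# Assumption: "sort -V" agrees with RPM ordering for the plain numeric
# versions used in this advisory (e.g. release 9.1 sorts before 10.1).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_installed: read "name version-release" lines on stdin, print one line
# per advisory package that is older than its fixed version, and return 1 if
# any were found. Packages not named in the advisory are ignored.
check_installed() {
    outdated=0
    while read -r name ver; do
        fixed=$(printf '%s\n' "$FIXED_423" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue
        if ver_lt "$ver" "$fixed"; then
            echo "OUTDATED $name $ver (fixed in $fixed)"
            outdated=1
        fi
    done
    return "$outdated"
}

# On a real host:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_installed
```

For Leap 42.2, swap in the version-release values from that product's package list.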
