SUSE Security Update: Security update for SUSE Studio Onsite 1.2 and kiwi ______________________________________________________________________________
Affected Products: SUSE Studio Onsite 1.2 SUSE Studio Extension for System z 1.2 ______________________________________________________________________________
An update that solves 6 vulnerabilities and has 9 fixes is now available. It includes two new package versions.
Description:
Fix for several vulnerabilities in SUSE Studio Onsite 1.2 and kiwi:
* CVE-2011-2225: The path of overlay files was not escaped which allowed shell meta character injection. * CVE-2011-2226: By using an untrusted software repository a user becomes vulnerable to a XSS attack when displaying pattern files (clicking "All patterns" in the software tab). * CVE-2011-3180: The path of overlay files was not escaped which allowed shell meta character injection via the chown(1) command-line. (kiwi) * CVE-2011-4195: The image name was not escaped properly and can be used in conjunction with other applications to execute arbitrary shell commands. (kiwi) * CVE-2011-4193: XSS vulnerability in "overlay files" tab can be used to execute arbitrary JavaScript code while cloning an appliance from an untrusted source. * CVE-2011-4192: Arbitrary shell command injection in conjunction with Studio by using double quotes in kiwi_oemtitle of .profile. (kiwi)
In addition, the following non-security fixes were added:
* Added SLE SDK repos to SLES-for-VMware templates * do not overwrite rmds.conf