openSUSE: 2019:2628-1: moderate: calamares

    Date03 Dec 2019
    CategoryopenSUSE
    59
    Posted ByLinuxSecurity Advisories
    An update that solves one vulnerability and has one errata is now available.
       openSUSE Security Update: Security update for calamares
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:2628-1
    Rating:             moderate
    References:         #1140256 #1152377 
    Cross-References:   CVE-2019-13178
    Affected Products:
                        openSUSE Leap 15.1
                        openSUSE Leap 15.0
    ______________________________________________________________________________
    
       An update that solves one vulnerability and has one errata
       is now available.
    
    Description:
    
       This update for calamares fixes the following issues:
    
       - Launch with "pkexec calamares" in openSUSE Tumbleweed, but launch with
         "xdg-su -c calamares" in openSUSE Leap 15.
    
       Update to Calamares 3.2.15:
    
       - "displaymanager" module now treats "sysconfig" as a regular entry in the
         "displaymanagers" list, and the "sysconfigSetup" key is used as a
         shorthand to force only that entry in the list.
       - "machineid" module has been re-written in C++ and extended with a new
         configuration key to generate urandom pool data.
       - "unpackfs" now supports a special "sourcefs" value of file for copying
         single files (optionally with renaming) or directory trees to the target
         system.
       - "unpackfs" now support an "exclude" and "excludeFile" setting for
         excluding particular files or patters from unpacking.
    
       Update to Calamares 3.2.14:
       - "locale" module no longer recognizes the legacy GeoIP configuration.
         This has been deprecated since Calamares 3.2.8 and is now removed.
       - "packagechooser" module can now be custom-labeled in the overall
         progress (left-hand column).
       - "displaymanager" module now recognizes KDE Plasma 5.17.
       - "displaymanager" module now can handle Wayland sessions and can detect
         sessions from their .desktop files.
       - "unpackfs" now has special handling for sourcefs setting “file”.
    
       Update to Calamares 3.2.13.
    
       More about upstream changes:
    
         https://calamares.io/calamares-3.2.13-is-out/ and
       https://calamares.io/calamares-3.2.12-is-out/
    
       Update to Calamares 3.2.11:
    
       - Fix race condition in modules/luksbootkeyfile/main.py (boo#1140256,
         CVE-2019-13178)
       - more about upstream changes in 3.2 versions can be found in
         https://calamares.io/ and https://github.com/calamares/calamares/releases
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2019-2628=1
    
       - openSUSE Leap 15.0:
    
          zypper in -t patch openSUSE-2019-2628=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (x86_64):
    
          calamares-3.2.15-lp151.4.3.3
          calamares-debuginfo-3.2.15-lp151.4.3.3
          calamares-debugsource-3.2.15-lp151.4.3.3
          calamares-webview-3.2.15-lp151.4.3.3
          calamares-webview-debuginfo-3.2.15-lp151.4.3.3
    
       - openSUSE Leap 15.1 (noarch):
    
          calamares-branding-upstream-3.2.15-lp151.4.3.3
    
       - openSUSE Leap 15.0 (x86_64):
    
          calamares-3.2.15-lp150.7.2
          calamares-debuginfo-3.2.15-lp150.7.2
          calamares-debugsource-3.2.15-lp150.7.2
          calamares-webview-3.2.15-lp150.7.2
          calamares-webview-debuginfo-3.2.15-lp150.7.2
    
       - openSUSE Leap 15.0 (noarch):
    
          calamares-branding-upstream-3.2.15-lp150.7.2
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-13178.html
       https://bugzilla.suse.com/1140256
       https://bugzilla.suse.com/1152377
    
    -- 
    

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"65","type":"x","order":"1","pct":57.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.27,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.2,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.