
SUSE: 2011:0917-1 Critical: Kiwi Remote Code Execution And XSS Risk

August 18, 2011
A recent patch for SUSE Studio addresses 11 critical vulnerabilities, resolving issues such as cross-site scripting (XSS) and potential risks of remote code execution.

Summary



   SUSE Security Update: Security update for kiwi
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0917-1
Rating:             critical
References:         #571584 #659843 #667082 #668014 #670299 #675004 
                    #681902 #682978 #689907 #693847 #694506 #699558 
                    #699708 #699710 #700356 #700588 #700589 #700591 
                    #700948 #701512 #701814 #701815 #701816 #702041 
                    #702320 #704726 #704730 #707637 #709437 #709572 
                    #710392 #711998 #712000 
Cross-References:   CVE-2011-2225 CVE-2011-2226 CVE-2011-2644
                    CVE-2011-2645 CVE-2011-2646 CVE-2011-2647
                    CVE-2011-2648 CVE-2011-2649 CVE-2011-2650
                    CVE-2011-2651 CVE-2011-2652
Affected Products:
                    SUSE Studio Onsite 1.1
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 22 fixes
   is now available. It includes two new package versions.

Description:


   SUSE Studio was prone to several cross-site scripting (XSS)
   and shell quoting issues.

   * CVE-2011-2652 - XSS vulnerability in overlay files:
   bad escaping archive file list
   * CVE-2011-2651 - Remote code execution via crafted
   filename in file browser
   * CVE-2011-2650 - XSS vulnerability when displaying RPM
   info (pattern name)
   * CVE-2011-2649 - Unwanted shell expansion when
   executing commands in FileUtils fix
   * CVE-2011-2648 - Arbitrary code execution via filters
   in modified files
   * CVE-2011-2647 - studio: Remote code execution via
   crafted archive name in testdrive's modified files
   * CVE-2011-2646 - studio: Remote code execution via
   crafted filename in testdrive's modified files
   * CVE-2011-2645 - Remote code execution via crafted
   custom RPM filename
   * CVE-2011-2644 - XSS vulnerability in displaying RPM
   info
   * CVE-2011-2226 - XSS vulnerability when displaying
   pattern listing
   * CVE-2011-2225 - Overlay directory paths are not
   properly escaped before inclusion into config.sh
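
The shell-quoting class named in CVE-2011-2225 and in the crafted-filename entries above, as an added Ruby example that is not SUSE Studio code: a value written into a shell-sourced file and a file name passed to a command, each shown unescaped and then hardened. The OVERLAY_DIR variable, the one-line config file and both sample names are constructed assumptions; the advisory does not publish the affected code.

```ruby
require "open3"
require "shellwords"
require "tmpdir"

# Constructed sample values; the embedded command is a harmless echo.
CRAFTED_DIR  = "/overlay/data $(echo INJECTED)"
CRAFTED_FILE = "pkg$(echo INJECTED).rpm"

# Before: double quotes alone still let the shell expand $(...).
def config_line_unsafe(path)
  "OVERLAY_DIR=\"#{path}\"\n"
end

# After: every shell metacharacter is escaped before being written out.
def config_line_safe(path)
  "OVERLAY_DIR=#{Shellwords.escape(path)}\n"
end

# Source a one-line config file in sh and return the value sh ends up with.
def value_seen_by_shell(config_line)
  Dir.mktmpdir do |dir|
    cfg = File.join(dir, "config.sh")
    File.write(cfg, config_line)
    out, = Open3.capture2("sh", "-c", '. "$1"; printf "%s" "$OVERLAY_DIR"', "sh", cfg)
    out
  end
end

# Before: a single command string is handed to /bin/sh for parsing.
def echo_name_unsafe(name)
  Open3.capture2("printf '%s' #{name}").first
end

# After: argument-vector form, so no shell ever parses the file name.
def echo_name_safe(name)
  Open3.capture2("printf", "%s", name).first
end

if __FILE__ == $PROGRAM_NAME
  puts value_seen_by_shell(config_line_unsafe(CRAFTED_DIR)).inspect
  puts value_seen_by_shell(config_line_safe(CRAFTED_DIR)).inspect
  puts echo_name_unsafe(CRAFTED_FILE).inspect
  puts echo_name_safe(CRAFTED_FILE).inspect
end
```

In both "before" functions the shell runs the embedded command and the name changes; in both "after" functions the name reaches its destination byte for byte.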

   Furthermore, the following non-security fixes are included:

   * 682978: Fix apache config for cloning appliances with
   image repos
   * 681902: Fix images being deleted when one format is
   deleted
   * 571584: Show 32bit packages in 64bit appliance when
   there's no 64bit version available
   * 701512: Remove kiwi version dependency on release
   * 704730: Fix script for fixing the apache configuration
   * 707637: Fixed rmds segfaults during attempt of adding
   specially crafted repositories
   * 704726: Disable partition alignment for SLE10
   * 709437: Fix Export script
   * 689907: Fix SLE 10 SP3 appliances containing SP2
   product file
   * 711998: Do not waste disk space when generating the
   export tarball

   In addition, this update provides kiwi version 3.73.1 with
   the following fixes:

   * 667082: KIWIManager.sh rpmLibs() should execute
   ldconfig after baselib cleanup
   * 668014: Support raid 1 (mirroring) for pxe images
   * 670299: kiwi's implementation of 4k alignment feature
   covers only first partition
   * 675004: TFTP block size
   * 694506: Kiwi: boot partition runs out of space
   * 659843: Avoid initialization of KMS without kernel
   support
   * 693847: fixed URL quoting, we have to distinguish the
   quoting

   Also an important fix was made to the "export" script.

   Security Issue references:

   * CVE-2011-2652
   * CVE-2011-2651
   * CVE-2011-2650
   * CVE-2011-2649
   * CVE-2011-2648
   * CVE-2011-2647
   * CVE-2011-2646
   * CVE-2011-2645
   * CVE-2011-2644
   * CVE-2011-2225
   * CVE-2011-2226


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.1:

      zypper in -t patch slestsosp1-susestudio-201107-4998

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Studio Onsite 1.1 (x86_64) [New Version: 1.1.4 and 3.74.2]:

      kiwi-3.74.2-0.81.8
      kiwi-desc-isoboot-3.74.2-0.81.8
      kiwi-desc-netboot-3.74.2-0.81.8
      kiwi-desc-oemboot-3.74.2-0.81.8
      kiwi-desc-usbboot-3.74.2-0.81.8
      kiwi-desc-vmxboot-3.74.2-0.81.8
      kiwi-desc-xenboot-3.74.2-0.81.8
      kiwi-doc-3.74.2-0.81.8
      kiwi-tools-3.74.2-0.81.8
      susestudio-1.1.4-0.19.2
      susestudio-clicfs-1.1.4-0.19.2
      susestudio-common-1.1.4-0.19.2
      susestudio-image-helpers-1.1.4-0.3.2
      susestudio-kiwi-runner-1.1.4-0.19.2
      susestudio-rmds-1.1.4-0.19.2
      susestudio-testdrive-1.1.4-0.19.2
      susestudio-thoth-1.1.4-0.19.2
      susestudio-ui-server-1.1.4-0.19.2


References:

   https://www.suse.com/security/cve/CVE-2011-2225.html
   https://www.suse.com/security/cve/CVE-2011-2226.html
   https://www.suse.com/security/cve/CVE-2011-2644.html
   https://www.suse.com/security/cve/CVE-2011-2645.html
   https://www.suse.com/security/cve/CVE-2011-2646.html
   https://www.suse.com/security/cve/CVE-2011-2647.html
   https://www.suse.com/security/cve/CVE-2011-2648.html
   https://www.suse.com/security/cve/CVE-2011-2649.html
   https://www.suse.com/security/cve/CVE-2011-2650.html
   https://www.suse.com/security/cve/CVE-2011-2651.html
   https://www.suse.com/security/cve/CVE-2011-2652.html