This OBS toolchain update fixes the following issues:

Package 'build':

- CVE-2010-4226: force use of bsdtar for VMs (bnc#665768)
- CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)
- switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit to foo-32bit-debuginfo (fate#323217)

Package 'obs-service-source_validator':

- CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from a spec (bnc#938556).
- Update to version 0.7
- use spec_query instead of output_versions using the specfile parser from the build package (boo#1059858)

Package 'osc':

- update to version 0.162.0
- add Recommends: ca-certificates to enable TLS verification without manually installing them. (bnc#1061500)

Patch Instructions:
#1059858 #1061500 #1069904 #665768 #938556
Cross-References: CVE-2010-4226 CVE-2017-14804 CVE-2017-9274
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
https://www.suse.com/security/cve/CVE-2010-4226.html
https://www.suse.com/security/cve/CVE-2017-14804.html
https://www.suse.com/security/cve/CVE-2017-9274.html
https://bugzilla.suse.com/1059858
https://bugzilla.suse.com/1061500
https://bugzilla.suse.com/1069904
https://bugzilla.suse.com/665768
https://bugzilla.suse.com/938556