SUSE: 2022:4310-2 Critical: Osc Security And Connectivity Patch
suse
December 7, 2022
An update that solves two vulnerabilities, contains one feature and has 22 fixes is now available
Summary
This update for osc fixes the following issues: osc was updated to version 0.182.0 (bsc#1154972, bsc#1144211, bsc#1142662, bsc#1140697, bsc#1138165): - Added MFA support (jsc#OBS-203). - CVE-2019-3681: Fixed vulnerability where osc stored downloaded RPMs in network controlled paths (bsc#1122675). - CVE-2019-3685: Fixed broken TLS certificate handling (bsc#1142518). Bugfixes: - Removed use of chardet to guess encoding. Utf-8 or latin-1 is now assumed, which will speed up decoding (bsc#1173926). - Added helper method _html_escape to enable python3.8 and python2.* compatibility (bsc#1166537). - Added MR creation to honor orev (bsc#1160446). - Fixed local build outside of the working copy of a package (bsc#1136584). - Don't enforce password reuse (bsc#1156501).
Topics Covered
References
#1089025 #1097996 #1122675 #1125243 #1126055
#1126058 #1127932 #1129757 #1129889 #1131512
#1136584 #1137477 #1138165 #1138977 #1140697
#1142518 #1142662 #1144211 #1154972 #1155953
#1156501 #1160446 #1166537 #1173926 OBS-203
Cross- CVE-2019-3681 CVE-2019-3685
CVSS scores:
CVE-2019-3681 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-3681 (SUSE): 4.2 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
CVE-2019-3685 (NVD) : 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
CVE-2019-3685 (SUSE): 7.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2022:4351-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!