Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

SUSE: 2024:2961-1 Moderate: osc Security Update Addresses Issues

suse
Calendar Grey August 19, 2024
Scroller Suse
Enhancements rolled out for osc strengthen security by resolving various vulnerabilities in SUSE offerings, leading to improved reliability and defense.
* bsc#1122683 * bsc#1212476 * bsc#1218170 * bsc#1221340 * bsc#1225911

Summary

## This update for osc fixes the following issues: * 1.9.0 * Security: * Fix possibility to overwrite special files in .osc (CVE-2024-22034 bsc#1225911) Source files are now stored in the 'sources' subdirectory which prevents name collisons. This requires changing version of '.osc' store to 2.0. * Command-line: * Introduce build --checks parameter * Library: * OscConfigParser: Remove automatic **name** option * 1.8.3 * Command-line: * Change 'repairwc' command to always run all repair steps * Library: * Make most of the fields in KeyinfoPubkey and KeyinfoSslcert models optional * Fix colorize() to avoid wrapping empty string into color escape sequences * Provide default values for kwargs.get/pop in get_results() function * 1.8.2 * Library: * Change 'repairwc' command to fix missing .osc/_osclib_version

References

* bsc#1122683

* bsc#1212476

* bsc#1218170

* bsc#1221340

* bsc#1225911

Cross-

* CVE-2024-22034

CVSS scores:

* CVE-2024-22034 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:

* Development Tools Module 15-SP5

* Development Tools Module 15-SP6

* openSUSE Leap 15.4

* openSUSE Leap 15.5

* openSUSE Leap 15.6

* SUSE Linux Enterprise Desktop 15 SP5

* SUSE Linux Enterprise Desktop 15 SP6

* SUSE Linux Enterprise High Performance Computing 15 SP5

* SUSE Linux Enterprise Real Time 15 SP5

* SUSE Linux Enterprise Real Time 15 SP6

* SUSE Linux Enterprise Server 15 SP5

* SUSE Linux Enterprise Server 15 SP6

* SUSE Linux Enterprise Server for SAP Applications 15 SP5

* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has four security fixes can now be

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:2961-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.