Lucene search
SuseOPENSUSE-SU-2017:3259-1HistoryDec 09, 2017 - 12:08 p.m.
Security update for the OBS toolchain (important)
2017-12-0912:08:35
lists.opensuse.org
94
0.003 Low
EPSS
Percentile
70.8%
This OBS toolchain update fixes the following issues:
Package ‘build’:
- CVE-2010-4226: force use of bsdtar for VMs (bnc#665768)
- CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)
- switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit
to foo-32bit-debuginfo (fate#323217)
Package ‘obs-service-source_validator’:
- CVE-2017-9274: Don’t use rpmbuild to extract sources, patches etc. from
a spec (bnc#938556). - Update to version 0.7
- use spec_query instead of output_versions using the specfile parser from
the build package (boo#1059858)
Package ‘osc’:
- update to version 0.162.0
- add Recommends: ca-certificates to enable TLS verification without
manually installing them. (bnc#1061500)
This update was imported from the SUSE:SLE-12:Update update project.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 42.2 | noarch | build-mkbaselibs | < 20171128-2.6.1 | build-mkbaselibs-20171128-2.6.1.noarch.rpm |
| openSUSE Leap | 42.2 | noarch | build | < 20171128-2.6.1 | build-20171128-2.6.1.noarch.rpm |
| openSUSE Leap | 42.2 | noarch | build-mkdrpms | < 20171128-2.6.1 | build-mkdrpms-20171128-2.6.1.noarch.rpm |
| openSUSE Leap | 42.2 | noarch | obs-service-source_validator | < 0.7-13.6.1 | obs-service-source_validator-0.7-13.6.1.noarch.rpm |
| openSUSE Leap | 42.3 | noarch | build-initvm-x86_64 | < 20171128-5.1 | build-initvm-x86_64-20171128-5.1.noarch.rpm |
| openSUSE Leap | 42.3 | noarch | osc | < 0.162.0-10.1 | osc-0.162.0-10.1.noarch.rpm |
| openSUSE Leap | 42.2 | noarch | osc | < 0.162.0-7.7.1 | osc-0.162.0-7.7.1.noarch.rpm |
| openSUSE Leap | 42.3 | noarch | build-initvm-i586 | < 20171128-5.1 | build-initvm-i586-20171128-5.1.noarch.rpm |
| openSUSE Leap | 42.3 | noarch | build | < 20171128-5.1 | build-20171128-5.1.noarch.rpm |
| openSUSE Leap | 42.3 | noarch | build-mkdrpms | < 20171128-5.1 | build-mkdrpms-20171128-5.1.noarch.rpm |
Related
openvas
openvas
openSUSE: Security Advisory for OBS toolchain (openSUSE-SU-2017:3259-1)
2017-12-10 00:00:00
Fedora Update for osc FEDORA-2018-fac5420dd1
2018-09-06 00:00:00
Fedora Update for osc FEDORA-2018-fe2cbf0c2b
2018-08-27 00:00:00
nessus
nessus
openSUSE Security Update : the OBS toolchain (openSUSE-2017-1360)
2017-12-14 00:00:00
Fedora 28 : obs-build / osc (2018-fe2cbf0c2b)
2019-01-03 00:00:00
Fedora 27 : obs-build / osc (2018-fac5420dd1)
2018-09-06 00:00:00
suse
suse
Fixing security issues on OBS toolchain (important)
2017-12-08 18:18:37
Fixing security issues on OBS toolchain (important)
2018-01-11 15:06:50
Security update for build (moderate)
2019-02-22 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: osc-0.163.0-237.1.1.fc27
2018-09-06 02:32:46
[SECURITY] Fedora 27 Update: obs-build-20180816-291.1.1.fc27
2018-09-06 02:32:46
[SECURITY] Fedora 28 Update: obs-build-20180816-291.1.1.fc28
2018-08-26 17:41:55
cve
cve
ubuntucve
ubuntucve
CVE-2017-14804
2018-03-01 00:00:00
CVE-2017-9274
2018-03-01 00:00:00
prion
prion
Command injection
2018-03-01 20:29:00
Design/Logic Flaw
2018-03-01 20:29:00
Code injection
2014-02-06 17:00:00
cvelist
cvelist
CVE-2017-9274 osc executes spec code during "osc commit"
2017-12-08 00:00:00
CVE-2017-14804 package builds could use directory traversal to write outside of target area
2017-12-08 00:00:00
CVE-2010-4226
2014-02-06 16:00:00
osv
osv
CVE-2017-9274
2018-03-01 20:29:01
cbl_mariner
cbl_mariner
CVE-2010-4226 affecting package cpio 2.13-3
2024-07-02 03:08:34
CVE-2010-4226 affecting package cpio 2.13-5
2024-07-02 03:08:38
debiancve
debiancve
CVE-2017-14804
2018-03-01 20:29:00
CVE-2017-9274
2018-03-01 20:29:01
nvd
nvd