Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2011:1324-1
HistoryDec 15, 2011 - 1:08 a.m.

Security update for SUSE Studio Onsite 1.2 and kiwi (critical)

2011-12-1501:08:52
lists.opensuse.org
15

0.009 Low

EPSS

Percentile

83.1%

JSON

Fix for several vulnerabilities in SUSE Studio Onsite 1.2
and kiwi:

  • CVE-2011-2225: The path of overlay files was not
    escaped which allowed shell meta character injection.
  • CVE-2011-2226: By using an untrusted software
    repository a user becomes vulnerable to a XSS attack when
    displaying pattern files (clicking "All patterns" in the
    software tab).
  • CVE-2011-3180: The path of overlay files was not
    escaped which allowed shell meta character injection via
    the chown(1) command-line. (kiwi)
  • CVE-2011-4195: The image name was not escaped
    properly and can be used in conjunction with other
    applications to execute arbitrary shell commands. (kiwi)
  • CVE-2011-4193: XSS vulnerability in "overlay files"
    tab can be used to execute arbitrary JavaScript code while
    cloning an appliance from an untrusted source.
  • CVE-2011-4192: Arbitrary shell command injection in
    conjunction with Studio by using double quotes in
    kiwi_oemtitle of .profile. (kiwi)

In addition, the following non-security fixes were added:

  • Added SLE SDK repos to SLES-for-VMware templates
  • do not overwrite rmds.conf
OSVersionArchitecturePackageVersionFilename
SUSE Studio Onsite1.2x86_64susestudio-ui-server< 1.2.1-0.26.1susestudio-ui-server-1.2.1-0.26.1.x86_64.rpm
SUSE Studio Onsite1.2x86_64susestudio-image-helpers< 1.2.1-0.3.3susestudio-image-helpers-1.2.1-0.3.3.x86_64.rpm
SUSE Studio Onsite1.2x86_64kiwi4-tools< 4.85.1-0.22.9kiwi4-tools-4.85.1-0.22.9.x86_64.rpm
SUSE Studio Onsite1.2x86_64kiwi4-doc< 4.85.1-0.22.9kiwi4-doc-4.85.1-0.22.9.x86_64.rpm
SUSE Studio Onsite1.2x86_64kiwi4-desc-netboot< 4.85.1-0.22.9kiwi4-desc-netboot-4.85.1-0.22.9.x86_64.rpm
SUSE Studio Onsite1.2x86_64susestudio< 1.2.1-0.26.1susestudio-1.2.1-0.26.1.x86_64.rpm
SUSE Studio Onsite1.2x86_64kiwi4-desc-oemboot< 4.85.1-0.22.9kiwi4-desc-oemboot-4.85.1-0.22.9.x86_64.rpm
SUSE Studio Onsite1.2x86_64susestudio-thoth< 1.2.1-0.26.1susestudio-thoth-1.2.1-0.26.1.x86_64.rpm
SUSE Studio Extension for System z1.2s390xsusestudio-image-helpers< 1.2.1-0.3.3susestudio-image-helpers-1.2.1-0.3.3.s390x.rpm
SUSE Studio Extension for System z1.2s390xkiwi4< 4.85.1-0.22.9kiwi4-4.85.1-0.22.9.s390x.rpm
Rows per page:
1-10 of 261

Related

cvelist 6
nvd 6
prion 6
cve 6
suse 1
cvelist
cvelist
CVE-2011-2225
2011-08-23 21:00:00
CVE-2011-2226
2011-08-23 21:00:00
CVE-2011-4195
2014-04-16 18:00:00
nvd
nvd
CVE-2011-2225
2011-08-23 21:55:01
CVE-2011-4195
2014-04-16 18:37:11
CVE-2011-2226
2011-08-23 21:55:01
prion
prion
Design/Logic Flaw
2011-08-23 21:55:00
Design/Logic Flaw
2014-04-16 18:37:00
Cross site scripting
2011-08-23 21:55:00
cve
cve
CVE-2011-2226
2011-08-23 21:55:01
CVE-2011-2225
2011-08-23 21:55:01
CVE-2011-4195
2014-04-16 18:37:11
suse
suse
Security update for kiwi (critical)
2011-08-18 09:08:24

0.009 Low

EPSS

Percentile

83.1%

JSON
Related for SUSE-SU-2011:1324-1
cvelist6nvd6prion6cve6suse1