Lucene search
SuseSUSE-SU-2018:0065-1HistoryJan 11, 2018 - 3:06 p.m.
Fixing security issues on OBS toolchain (important)
2018-01-1115:06:50
lists.opensuse.org
48
0.004 Low
EPSS
Percentile
72.8%
This OBS toolchain update fixes the following issues:
Package ‘build’:
- CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)
- Fixed Dockerfile repository parsing
Package ‘obs-service-source_validator’:
- CVE-2017-9274: Don’t use rpmbuild to extract sources, patches etc. from
a spec (bnc#938556). - CVE-2016-4007: Several maintained source services are vulnerable to
code/paramter injection (bsc#967265) - Update to version 0.7.
- Use spec_query instead of output_versions using the specfile parser from
the build package (boo#1059858) - obs-service-source_validator: several occurrences of uninitialized value
(bsc#967610) - hack for util-linux specfiles (bnc#891829)
- fix dependency to gnupg2 for Fedora (bnc#827480)
- exit if tmpdir creation fails (bnc#796918)
Package ‘osc’:
- Update to version 0.162.0.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| SUSE Linux Enterprise Software Development Kit | 11.4 | noarch | build | < 20171128-8.3.3 | build-20171128-8.3.3.noarch.rpm |
| SUSE Linux Enterprise Software Development Kit | 11.4 | s390x | osc | < 0.162.1-7.4.1 | osc-0.162.1-7.4.1.s390x.rpm |
| SUSE Linux Enterprise Software Development Kit | 11.4 | i586 | osc | < 0.162.1-7.4.1 | osc-0.162.1-7.4.1.i586.rpm |
| SUSE Linux Enterprise Software Development Kit | 11.4 | x86_64 | osc | < 0.162.1-7.4.1 | osc-0.162.1-7.4.1.x86_64.rpm |
| SUSE Linux Enterprise Software Development Kit | 11.4 | ppc64 | osc | < 0.162.1-7.4.1 | osc-0.162.1-7.4.1.ppc64.rpm |
| SUSE Linux Enterprise Software Development Kit | 11.4 | ia64 | osc | < 0.162.1-7.4.1 | osc-0.162.1-7.4.1.ia64.rpm |
Related
openvas
openvas
Fedora Update for osc FEDORA-2018-fac5420dd1
2018-09-06 00:00:00
openSUSE: Security Advisory for OBS toolchain (openSUSE-SU-2017:3259-1)
2017-12-10 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: osc-0.163.0-237.1.1.fc27
2018-09-06 02:32:46
[SECURITY] Fedora 27 Update: obs-build-20180816-291.1.1.fc27
2018-09-06 02:32:46
[SECURITY] Fedora 28 Update: obs-build-20180816-291.1.1.fc28
2018-08-26 17:41:55
suse
suse
Security update for the OBS toolchain (important)
2017-12-09 12:08:35
Fixing security issues on OBS toolchain (important)
2017-12-08 18:18:37
Security update for obs-service-source_validator (important)
2016-06-22 17:08:02
nessus
nessus
openSUSE Security Update : the OBS toolchain (openSUSE-2017-1360)
2017-12-14 00:00:00
openSUSE Security Update : obs-service-source_validator (openSUSE-2016-758)
2016-06-24 00:00:00
Fedora 28 : obs-build / osc (2018-fe2cbf0c2b)
2019-01-03 00:00:00
cve
cve
cvelist
cvelist
CVE-2017-9274 osc executes spec code during "osc commit"
2017-12-08 00:00:00
CVE-2016-4007
2016-04-13 14:00:00
prion
prion
Design/Logic Flaw
2018-03-01 20:29:00
Command injection
2018-03-01 20:29:00
Design/Logic Flaw
2016-04-13 14:59:00
ubuntucve
ubuntucve
CVE-2017-14804
2018-03-01 00:00:00
CVE-2017-9274
2018-03-01 00:00:00
f5
f5
SOL73455417 - obs-service-extract_file package vulnerability CVE-2016-4007
2016-05-10 00:00:00
K73455417 : obs-service-extract_file package vulnerability CVE-2016-4007
2016-05-10 00:00:00
debiancve
debiancve
CVE-2017-14804
2018-03-01 20:29:00
CVE-2017-9274
2018-03-01 20:29:01
nvd
nvd
osv
osv
CVE-2017-9274
2018-03-01 20:29:01