Fixing security issues on OBS toolchain (important)

2017-12-0818:18:37

lists.opensuse.org

0.003 Low

EPSS

Percentile

70.7%

JSON

This OBS toolchain update fixes the following issues:

Package ‘build’:

CVE-2010-4226: force use of bsdtar for VMs (bnc#665768)
CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)
switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit
to foo-32bit-debuginfo (fate#323217)

Package ‘obs-service-source_validator’:

CVE-2017-9274: Don’t use rpmbuild to extract sources, patches etc. from
a spec (bnc#938556).
Update to version 0.7
use spec_query instead of output_versions using the specfile parser from
the build package (boo#1059858)

Package ‘osc’:

update to version 0.162.0
add Recommends: ca-certificates to enable TLS verification without
manually installing them. (bnc#1061500)

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Software Development Kit12.3noarchosc< 0.162.0-15.3.1osc-0.162.0-15.3.1.noarch.rpm
SUSE Linux Enterprise Software Development Kit12.3noarchbuild-mkbaselibs< 20171128-9.3.2build-mkbaselibs-20171128-9.3.2.noarch.rpm
SUSE Linux Enterprise Software Development Kit12.2noarchbuild< 20171128-9.3.2build-20171128-9.3.2.noarch.rpm
SUSE Linux Enterprise Software Development Kit12.2noarchobs-service-source_validator< 0.7-9.3.1obs-service-source_validator-0.7-9.3.1.noarch.rpm
SUSE Linux Enterprise Software Development Kit12.2noarchbuild-initvm-x86_64< 20171128-9.3.2build-initvm-x86_64-20171128-9.3.2.noarch.rpm
SUSE Linux Enterprise Software Development Kit12.2noarchosc< 0.162.0-15.3.1osc-0.162.0-15.3.1.noarch.rpm
SUSE Linux Enterprise Software Development Kit12.3noarchbuild< 20171128-9.3.2build-20171128-9.3.2.noarch.rpm
SUSE Linux Enterprise Software Development Kit12.2noarchbuild-mkbaselibs< 20171128-9.3.2build-mkbaselibs-20171128-9.3.2.noarch.rpm
SUSE Linux Enterprise Software Development Kit12.3noarchbuild-initvm-s390< 20171128-9.3.2build-initvm-s390-20171128-9.3.2.noarch.rpm
SUSE Linux Enterprise Software Development Kit12.3noarchobs-service-source_validator< 0.7-9.3.1obs-service-source_validator-0.7-9.3.1.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Software Development Kit	12.3	noarch	osc	< 0.162.0-15.3.1	osc-0.162.0-15.3.1.noarch.rpm
SUSE Linux Enterprise Software Development Kit	12.3	noarch	build-mkbaselibs	< 20171128-9.3.2	build-mkbaselibs-20171128-9.3.2.noarch.rpm
SUSE Linux Enterprise Software Development Kit	12.2	noarch	build	< 20171128-9.3.2	build-20171128-9.3.2.noarch.rpm
SUSE Linux Enterprise Software Development Kit	12.2	noarch	obs-service-source_validator	< 0.7-9.3.1	obs-service-source_validator-0.7-9.3.1.noarch.rpm
SUSE Linux Enterprise Software Development Kit	12.2	noarch	build-initvm-x86_64	< 20171128-9.3.2	build-initvm-x86_64-20171128-9.3.2.noarch.rpm
SUSE Linux Enterprise Software Development Kit	12.2	noarch	osc	< 0.162.0-15.3.1	osc-0.162.0-15.3.1.noarch.rpm
SUSE Linux Enterprise Software Development Kit	12.3	noarch	build	< 20171128-9.3.2	build-20171128-9.3.2.noarch.rpm
SUSE Linux Enterprise Software Development Kit	12.2	noarch	build-mkbaselibs	< 20171128-9.3.2	build-mkbaselibs-20171128-9.3.2.noarch.rpm
SUSE Linux Enterprise Software Development Kit	12.3	noarch	build-initvm-s390	< 20171128-9.3.2	build-initvm-s390-20171128-9.3.2.noarch.rpm
SUSE Linux Enterprise Software Development Kit	12.3	noarch	obs-service-source_validator	< 0.7-9.3.1	obs-service-source_validator-0.7-9.3.1.noarch.rpm