SUSE-SU-2015:0863-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20150863-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0863-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:0863-1
Related
Published
2015-05-05T23:49:58Z
Modified
2015-05-05T23:49:58Z
Summary
Security update for SUSE Studio
Details

This update provides SUSE Studio 1.3.10, including Amazon's EC2 support for SUSE Linux Enterprise 12 appliances.

Additionally, the update includes fixes for the following issues:

* #904372 - Arbitrary file existence disclosure in sprockets gem
  (CVE-2014-7819)
* #904375 - Arbitrary file existence disclosure in Action Pack gem
  (CVE-2014-7818)
* #918203 - Arbitrary file existence disclosure in Studio Onsite
  (CVE-2014-7829)
* #852794 - SLES 11-SP3 templates fail to build x86_64 EC2 images
* #914765 - Change of appliance name is not displayed in appliance's
  change log
* #887893 - Change log not accessible via API
* #918239 - Failure to create new appliances after upgrade to Studio
  Onsite 1.3.9
* #918395 - Remove 32bit as target for building EC2 appliances
* #912512 - Studio doesn't allow duplicated repositories
* #880078 - Studio packages contain files that get modified (by Studio)
  after installation.
* #919037 - Can't open appliance on Gallery: undefined
  restructure_unsupportable_packages method.

Security Issues:

* CVE-2014-7819
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819>
* CVE-2014-7818
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818>
* CVE-2014-7829
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829>
References

Affected packages