SUSE-SU-2017:3253-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20173253-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:3253-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2017:3253-1
Related
Published
2017-12-08T12:54:18Z
Modified
2025-05-08T17:00:29.774223Z
Upstream
  • CVE-2010-4226
Summary
Fixing security issues on OBS toolchain
Details

This OBS toolchain update fixes the following issues:

Package 'build':

  • CVE-2010-4226: force use of bsdtar for VMs (bnc#665768)
  • CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)
  • switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit to foo-32bit-debuginfo (fate#323217)

Package 'obs-service-source_validator':

  • CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from a spec (bnc#938556).
  • Update to version 0.7
  • use specquery instead of output_versions using the specfile parser from the build package (boo#1059858)

Package 'osc':

  • update to version 0.162.0
  • add Recommends: ca-certificates to enable TLS verification without manually installing them. (bnc#1061500)

References

Affected packages

SUSE:Linux Enterprise Software Development Kit 12 SP2 / build

Package

Name
build
Purl
pkg:rpm/suse/build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20171128-9.3.2

Ecosystem specific

{
    "binaries": [
        {
            "osc": "0.162.0-15.3.1",
            "build": "20171128-9.3.2",
            "build-mkbaselibs": "20171128-9.3.2",
            "build-initvm-x86_64": "20171128-9.3.2",
            "build-initvm-s390": "20171128-9.3.2",
            "obs-service-source_validator": "0.7-9.3.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP2 / obs-service-source_validator

Package

Name
obs-service-source_validator
Purl
pkg:rpm/suse/obs-service-source_validator&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.7-9.3.1

Ecosystem specific

{
    "binaries": [
        {
            "osc": "0.162.0-15.3.1",
            "build": "20171128-9.3.2",
            "build-mkbaselibs": "20171128-9.3.2",
            "build-initvm-x86_64": "20171128-9.3.2",
            "build-initvm-s390": "20171128-9.3.2",
            "obs-service-source_validator": "0.7-9.3.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP2 / osc

Package

Name
osc
Purl
pkg:rpm/suse/osc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.162.0-15.3.1

Ecosystem specific

{
    "binaries": [
        {
            "osc": "0.162.0-15.3.1",
            "build": "20171128-9.3.2",
            "build-mkbaselibs": "20171128-9.3.2",
            "build-initvm-x86_64": "20171128-9.3.2",
            "build-initvm-s390": "20171128-9.3.2",
            "obs-service-source_validator": "0.7-9.3.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP3 / build

Package

Name
build
Purl
pkg:rpm/suse/build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20171128-9.3.2

Ecosystem specific

{
    "binaries": [
        {
            "osc": "0.162.0-15.3.1",
            "build": "20171128-9.3.2",
            "build-mkbaselibs": "20171128-9.3.2",
            "build-initvm-x86_64": "20171128-9.3.2",
            "build-initvm-s390": "20171128-9.3.2",
            "obs-service-source_validator": "0.7-9.3.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP3 / obs-service-source_validator

Package

Name
obs-service-source_validator
Purl
pkg:rpm/suse/obs-service-source_validator&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.7-9.3.1

Ecosystem specific

{
    "binaries": [
        {
            "osc": "0.162.0-15.3.1",
            "build": "20171128-9.3.2",
            "build-mkbaselibs": "20171128-9.3.2",
            "build-initvm-x86_64": "20171128-9.3.2",
            "build-initvm-s390": "20171128-9.3.2",
            "obs-service-source_validator": "0.7-9.3.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP3 / osc

Package

Name
osc
Purl
pkg:rpm/suse/osc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.162.0-15.3.1

Ecosystem specific

{
    "binaries": [
        {
            "osc": "0.162.0-15.3.1",
            "build": "20171128-9.3.2",
            "build-mkbaselibs": "20171128-9.3.2",
            "build-initvm-x86_64": "20171128-9.3.2",
            "build-initvm-s390": "20171128-9.3.2",
            "obs-service-source_validator": "0.7-9.3.1"
        }
    ]
}