SUSE-SU-2018:0065-1
- Source
- https://www.suse.com/support/update/announcement/2018/suse-su-20180065-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:0065-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2018:0065-1
- Related
- Published
- 2018-01-11T10:25:14Z
- Modified
- 2025-05-08T17:01:56.051344Z
- Upstream
- Summary
- Fixing security issues on OBS toolchain
- Details
-
This OBS toolchain update fixes the following issues:
Package 'build':
- CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)
- Fixed Dockerfile repository parsing
Package 'obs-service-source_validator':
- CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from a spec (bnc#938556).
- CVE-2016-4007: Several maintained source services are vulnerable to code/paramter injection (bsc#967265)
- Update to version 0.7.
- Use specquery instead of outputversions using the specfile parser from the build package (boo#1059858)
- obs-service-source_validator: several occurrences of uninitialized value (bsc#967610)
- hack for util-linux specfiles (bnc#891829)
- fix dependency to gnupg2 for Fedora (bnc#827480)
- exit if tmpdir creation fails (bnc#796918)
Package 'osc':
- Update to version 0.162.0.
- References
-
- https://www.suse.com/support/update/announcement/2018/suse-su-20180065-1/
- https://bugzilla.suse.com/1059858
- https://bugzilla.suse.com/1069904
- https://bugzilla.suse.com/796918
- https://bugzilla.suse.com/827480
- https://bugzilla.suse.com/891829
- https://bugzilla.suse.com/938556
- https://bugzilla.suse.com/967265
- https://bugzilla.suse.com/967610
- https://www.suse.com/security/cve/CVE-2016-4007
- https://www.suse.com/security/cve/CVE-2017-14804
- https://www.suse.com/security/cve/CVE-2017-9274
Affected packages
SUSE:Linux Enterprise Software Development Kit 11 SP4 / build
Package
- Name
- build
- Purl
- pkg:rpm/suse/build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4