Описание
Security update for build
This update for build version 20190128 fixes the following issues:
Security issue fixed:
- CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)
Non-security issue fixed:
- Add initial SLE 15 SP1 config (bsc#1122895)
Список пакетов
SUSE Linux Enterprise Module for Development Tools 15
build-20190128-3.3.2
build-mkbaselibs-20190128-3.3.2
Ссылки
- Link for SUSE-SU-2019:0387-1
- E-Mail link for SUSE-SU-2019:0387-1
- SUSE Security Ratings
- SUSE Bug 1069904
- SUSE Bug 1122895
- SUSE CVE CVE-2017-14804 page
Описание
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
Затронутые продукты
SUSE Linux Enterprise Module for Development Tools 15:build-20190128-3.3.2
SUSE Linux Enterprise Module for Development Tools 15:build-mkbaselibs-20190128-3.3.2
Ссылки
- CVE-2017-14804
- SUSE Bug 1069904