Description
Security update for osc
This update for osc to version 0.165.4 fixes the following issues:
Security issue fixed:
- CVE-2019-3685: Fixed broken TLS certificate handling allowing for a Man-in-the-middle attack (bsc#1142518).
Non-security issues fixed:
- support different token operations (runservice, release and rebuild) (requires OBS 2.10)
- fix osc token decode error
- offline build mode is now really offline and does not try to download the buildconfig
- osc build -define now works with python3
- fixes an issue where the error message on osc meta -e was not parsed correctly
- osc maintainer -s now works with python3
- simplified and fixed osc meta -e (bsc#1138977)
- osc lbl now works with non utf8 encoding (bsc#1129889)
- add simpleimage as local build type
- allow optional fork when creating a maintenance request
- fix RPMError fallback
- fix local caching for all package formats
- fix appname for trusted cert store
- osc -h does not break anymore when using plugins
- switch to difflib.diff_bytes and sys.stdout.buffer.write for diffing. This will fix all decoding issues with osc diff, osc ci and osc rq -d
- fix osc ls -lb handling empty size and mtime
- removed decoding on osc api command.
Package list
SUSE Linux Enterprise Module for Development Tools 15 SP1
osc-0.165.4-3.9.1
References
- Link for SUSE-SU-2019:2067-1
- E-Mail link for SUSE-SU-2019:2067-1
- SUSE Security Ratings
- SUSE Bug 1129889
- SUSE Bug 1138977
- SUSE Bug 1140697
- SUSE Bug 1142518
- SUSE Bug 1142662
- SUSE Bug 1144211
- SUSE CVE CVE-2019-3685 page
Description
Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary.
Affected products
SUSE Linux Enterprise Module for Development Tools 15 SP1:osc-0.165.4-3.9.1
References
- CVE-2019-3685
- SUSE Bug 1142518
- SUSE Bug 1142662