SUSE-SU-2024:2963-1

Опубликовано: 19 авг. 2024

Источник: suse-cvrf

Описание

Security update for osc

This update for osc fixes the following issues:

0.183.0

Fix possibility to overwrite special files in .osc (CVE-2024-22034 bsc#1225911) Source files are now stored in the 'sources' subdirectory which prevents name collisons. This requires changing version of '.osc' store to 2.0.
Fix errorneous double quotes in core.py

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP5

osc-0.183.0-15.18.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242963-1/
Link for SUSE-SU-2024:2963-1
https://lists.suse.com/pipermail/sle-updates/2024-August/036631.html
E-Mail link for SUSE-SU-2024:2963-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1225911
SUSE Bug 1225911
https://www.suse.com/security/cve/CVE-2024-22034/
SUSE CVE CVE-2024-22034 page

Описание

Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 12 SP5:osc-0.183.0-15.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-22034.html
CVE-2024-22034
https://bugzilla.suse.com/1225911
SUSE Bug 1225911

SUSE-SU-2024:2963-1

Описание

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2024-22034

Описание

Затронутые продукты

Ссылки