Описание
Security update for build
This update for build version 20190128 fixes the following issues:
Security issue fixed:
- CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)
Non-security issue fixed:
- Add initial SLE 15 SP1 config (bsc#1122895)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
build-20190128-lp150.2.3.1
build-initvm-i586-20190128-lp150.2.3.1
build-initvm-x86_64-20190128-lp150.2.3.1
build-mkbaselibs-20190128-lp150.2.3.1
build-mkdrpms-20190128-lp150.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:0232-1
- SUSE Security Ratings
- SUSE Bug 1069904
- SUSE Bug 1122895
- SUSE CVE CVE-2017-14804 page
Описание
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
Затронутые продукты
openSUSE Leap 15.0:build-20190128-lp150.2.3.1
openSUSE Leap 15.0:build-initvm-i586-20190128-lp150.2.3.1
openSUSE Leap 15.0:build-initvm-x86_64-20190128-lp150.2.3.1
openSUSE Leap 15.0:build-mkbaselibs-20190128-lp150.2.3.1
Ссылки
- CVE-2017-14804
- SUSE Bug 1069904