Описание
Security update for osc
This update for osc to 0.169.1 fixes the following issues:
Security issue fixed:
- CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths (bsc#1122675).
Non-security issues fixed:
- Improved the speed and usability of osc bash completion.
- improved some error messages.
- osc add: support git@ (private github) or git:// URLs correctly.
- Split dependson and whatdependson commands.
- Added support for osc build --shell-cmd.
- Added pkg-ccache support for osc build.
- Added --ccache option to osc getbinaries
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Список пакетов
openSUSE Leap 15.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0852-1
- SUSE Security Ratings
- SUSE Bug 1122675
- SUSE CVE CVE-2019-3681 page
Описание
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .
Затронутые продукты
Ссылки
- CVE-2019-3681
- SUSE Bug 1122675