Описание
Security update for keybase-client
This update for keybase-client fixes the following issues:
Update to version 6.2.8
- Update client CA
- Fix incomplete locking in config file handling.
- Update the Image dependency to address CVE-2023-29408 / boo#1213928. This is done via the new update-image-tiff.patch.
- Limit parallel test execution as that seems to cause failing builds on OBS that don't occur locally.
- Integrate KBFS packages previously build via own source package
- Upstream integrated these into the same source.
- Also includes adding kbfs-related patches ensure-mount-dir-exists.patch and ensure-service-stop-unmounts-filesystem.patch.
- Upgrade Go version used for compilation to 1.19.
- Use Systemd unit file from upstream source.
Список пакетов
SUSE Package Hub 15 SP5
kbfs-6.2.8-bp156.2.3.1
kbfs-git-6.2.8-bp156.2.3.1
kbfs-tool-6.2.8-bp156.2.3.1
keybase-client-6.2.8-bp156.2.3.1
SUSE Package Hub 15 SP6
kbfs-6.2.8-bp156.2.3.1
kbfs-git-6.2.8-bp156.2.3.1
kbfs-tool-6.2.8-bp156.2.3.1
keybase-client-6.2.8-bp156.2.3.1
openSUSE Leap 15.5
kbfs-6.2.8-bp156.2.3.1
kbfs-git-6.2.8-bp156.2.3.1
kbfs-tool-6.2.8-bp156.2.3.1
keybase-client-6.2.8-bp156.2.3.1
openSUSE Leap 15.6
kbfs-6.2.8-bp156.2.3.1
kbfs-git-6.2.8-bp156.2.3.1
kbfs-tool-6.2.8-bp156.2.3.1
keybase-client-6.2.8-bp156.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2024:0194-2
- SUSE Security Ratings
- SUSE Bug 1213928
- SUSE CVE CVE-2023-29408 page
Описание
The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.
Затронутые продукты
SUSE Package Hub 15 SP5:kbfs-6.2.8-bp156.2.3.1
SUSE Package Hub 15 SP5:kbfs-git-6.2.8-bp156.2.3.1
SUSE Package Hub 15 SP5:kbfs-tool-6.2.8-bp156.2.3.1
SUSE Package Hub 15 SP5:keybase-client-6.2.8-bp156.2.3.1
Ссылки
- CVE-2023-29408
- SUSE Bug 1213928