SUSE Security Update: Security update for kiwi
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0917-1
Rating:             critical
References:         #571584 #659843 #667082 #668014 #670299 #675004
                    #681902 #682978 #689907 #693847 #694506 #699558
                    #699708 #699710 #700356 #700588 #700589 #700591
                    #700948 #701512 #701814 #701815 #701816 #702041
                    #702320 #704726 #704730 #707637 #709437 #709572
                    #710392 #711998 #712000
Cross-References:   CVE-2011-2225 CVE-2011-2226 CVE-2011-2644
                    CVE-2011-2645 CVE-2011-2646 CVE-2011-2647
                    CVE-2011-2648 CVE-2011-2649 CVE-2011-2650
                    CVE-2011-2651 CVE-2011-2652
Affected Products:
                    SUSE Studio Onsite 1.1
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 22 fixes is now available.
It includes two new package versions.

Description:

SUSE Studio was prone to several cross-site-scripting (XSS) and shell
quoting issues.

* CVE-2011-2652 - XSS vulnerability in overlay files: bad escaping
  archive file list
* CVE-2011-2651 - Remote code execution via crafted filename in file
  browser
* CVE-2011-2650 - XSS vulnerability when displaying RPM info (pattern
  name)
* CVE-2011-2649 - Unwanted shell expansion when executing commands in
  FileUtils fix
* CVE-2011-2648 - Arbitrary code execution via filters in modified
  files
* CVE-2011-2647 - studio: Remote code execution via crafted archive
  name in testdrive's modified files
* CVE-2011-2646 - studio: Remote code execution via crafted filename
  in testdrive's modified files
* CVE-2011-2645 - Remote code execution via crafted custom RPM
  filename
* CVE-2011-2644 - XSS vulnerability in displaying RPM info
* CVE-2011-2226 - XSS vulnerability when displaying pattern listing
* CVE-2011-2225 - Overlay directory paths are not properly escaped
  before inclusion into config.sh

Furthermore, the following non-security fixes are included:

* 682978: Fix apache config for cloning appliances with image repos
* 681902: Fix images being deleted when one format is deleted
* 571584: Show 32bit packages in 64bit appliance when there's no 64bit
  version available
* 701512: Remove kiwi version dependency on release
* 704730: Fix script for fixing the apache configuration
* 707637: Fixed rmds segfaults during attempt of adding specially
  crafted repositories
* 704726: Disable partition alignment for SLE10
* 709437: Fix Export script
* 689907: Fix SLE 10 SP3 appliances containing SP2 product file
* 711998: Do not waste disk space when generating the export tarball

In addition, this update provides kiwi version 3.73.1 with the following
fixes:

* 667082: KIWIManager.sh rpmLibs() should execute ldconfig after
  baselib cleanup
* 668014: Support raid 1 (mirroring) for pxe images
* 670299: kiwi's implementation of 4k alignment feature covers only
  first partition
* 675004: TFTP block size
* 694506: Kiwi: boot partition runs out of space
* 659843: Avoid initialization of KMS without kernel support
* 693847: fixed URL quoting, we have to distinguish the quoting

Also an important fix was made to the "export" script.

Security Issue references:

* CVE-2011-2652 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2652>
* CVE-2011-2651 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2651>
* CVE-2011-2650 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2650>
* CVE-2011-2649 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2649>
* CVE-2011-2648 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2648>
* CVE-2011-2647 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2647>
* CVE-2011-2646 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2646>
* CVE-2011-2645 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2645>
* CVE-2011-2644 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2644>
* CVE-2011-2225 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2225>
* CVE-2011-2226 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2226>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.1:

  zypper in -t patch slestsosp1-susestudio-201107-4998

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Studio Onsite 1.1 (x86_64) [New Version: 1.1.4 and 3.74.2]:

  kiwi-3.74.2-0.81.8
  kiwi-desc-isoboot-3.74.2-0.81.8
  kiwi-desc-netboot-3.74.2-0.81.8
  kiwi-desc-oemboot-3.74.2-0.81.8
  kiwi-desc-usbboot-3.74.2-0.81.8
  kiwi-desc-vmxboot-3.74.2-0.81.8
  kiwi-desc-xenboot-3.74.2-0.81.8
  kiwi-doc-3.74.2-0.81.8
  kiwi-tools-3.74.2-0.81.8
  susestudio-1.1.4-0.19.2
  susestudio-clicfs-1.1.4-0.19.2
  susestudio-common-1.1.4-0.19.2
  susestudio-image-helpers-1.1.4-0.3.2
  susestudio-kiwi-runner-1.1.4-0.19.2
  susestudio-rmds-1.1.4-0.19.2
  susestudio-testdrive-1.1.4-0.19.2
  susestudio-thoth-1.1.4-0.19.2
  susestudio-ui-server-1.1.4-0.19.2

References:

http://support.novell.com/security/cve/CVE-2011-2225.html
http://support.novell.com/security/cve/CVE-2011-2226.html
http://support.novell.com/security/cve/CVE-2011-2644.html
http://support.novell.com/security/cve/CVE-2011-2645.html
http://support.novell.com/security/cve/CVE-2011-2646.html
http://support.novell.com/security/cve/CVE-2011-2647.html
http://support.novell.com/security/cve/CVE-2011-2648.html
http://support.novell.com/security/cve/CVE-2011-2649.html
http://support.novell.com/security/cve/CVE-2011-2650.html
http://support.novell.com/security/cve/CVE-2011-2651.html
http://support.novell.com/security/cve/CVE-2011-2652.html
https://bugzilla.novell.com/571584
https://bugzilla.novell.com/659843
https://bugzilla.novell.com/667082
https://bugzilla.novell.com/668014
https://bugzilla.novell.com/670299
https://bugzilla.novell.com/675004
https://bugzilla.novell.com/681902
https://bugzilla.novell.com/682978
https://bugzilla.novell.com/689907
https://bugzilla.novell.com/693847
https://bugzilla.novell.com/694506
https://bugzilla.novell.com/699558
https://bugzilla.novell.com/699708
https://bugzilla.novell.com/699710
https://bugzilla.novell.com/700356
https://bugzilla.novell.com/700588
https://bugzilla.novell.com/700589
https://bugzilla.novell.com/700591
https://bugzilla.novell.com/700948
https://bugzilla.novell.com/701512
https://bugzilla.novell.com/701814
https://bugzilla.novell.com/701815
https://bugzilla.novell.com/701816
https://bugzilla.novell.com/702041
https://bugzilla.novell.com/702320
https://bugzilla.novell.com/704726
https://bugzilla.novell.com/704730
https://bugzilla.novell.com/707637
https://bugzilla.novell.com/709437
https://bugzilla.novell.com/709572
https://bugzilla.novell.com/710392
https://bugzilla.novell.com/711998
https://bugzilla.novell.com/712000
http://download.novell.com/patch/finder/?keywords=a7ac468c5be46a2fa087e91241...