Mailinglist Archive: opensuse-updates (42 mails)

< Previous Next >
openSUSE-SU-2011:0174-1 (moderate): build security update
openSUSE Security Update: build security update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2011:0174-1
Rating: moderate
References: #665768
Cross-References: CVE-2010-4226
Affected Products:
openSUSE 11.3
openSUSE 11.2
______________________________________________________________________________

An update that fixes one vulnerability is now available. It
includes one version update.

Description:

The build script uses cpio to extract untrusted rpm
packages for bootstrapping virtual machines. cpio is not
safe to use for this task, therefore the build script now
uses bsdtar instead (CVE-2010-4226).


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.3:

zypper in -t patch build-4028

- openSUSE 11.2:

zypper in -t patch build-4028

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.3 (noarch) [New Version: 2010.07.28]:

build-2010.07.28-1.3.1
build-mkbaselibs-2010.07.28-1.3.1

- openSUSE 11.2 (noarch) [New Version: 2010.07.28]:

build-2010.07.28-1.3.1


References:

http://support.novell.com/security/cve/CVE-2010-4226.html
https://bugzilla.novell.com/665768


< Previous Next >
This Thread
  • No further messages