[opensuse-buildservice] OBS 1.7.7 and OBS 2.0.7 are fixing security issues
OBS 1.7.7 and OBS 2.0.7 are fixing security issues ================================================== The new versions of OBS 1.7 and 2.0 are fixing a security issue, tracked as CVE-2010-3782, which allowed users independent of their state to work via the api. The api is blocking now all users, who are not in state "confirmed". The user creation is also now dis-allowed, if LDAP or iChain athentification mode is used. In addition OBS 2.0.7 is fixing an issue when branching package sources via project links. Packages and appliances are available in openSUSE:Tools:2.0 and openSUSE:Tools:1.7 projects: http://download.opensuse.org/repositories/openSUSE:/Tools:/2.0/ http://download.opensuse.org/repositories/openSUSE:/Tools:/1.7/ openSUSE:Tools project will get the 2.1 release tomorrow, which is fixing this issue also. -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On 10/18/2010 02:29 PM, Adrian Schröter wrote:
OBS 1.7.7 and OBS 2.0.7 are fixing security issues ==================================================
The new versions of OBS 1.7 and 2.0 are fixing a security issue, tracked as CVE-2010-3782, which allowed users independent of their state to work via the api. The api is blocking now all users, who are not in state "confirmed".
The user creation is also now dis-allowed, if LDAP or iChain athentification mode is used.
In addition OBS 2.0.7 is fixing an issue when branching package sources via project links.
Packages and appliances are available in openSUSE:Tools:2.0 and openSUSE:Tools:1.7 projects:
http://download.opensuse.org/repositories/openSUSE:/Tools:/2.0/ http://download.opensuse.org/repositories/openSUSE:/Tools:/1.7/
openSUSE:Tools project will get the 2.1 release tomorrow, which is fixing this issue also.
Does this have anything to do with my inability to access build.opensuse.org and api.opensuse.org (osc vc etc.)? Thanks Dave P -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Am Montag, 18. Oktober 2010, 16:04:59 schrieb Dave Plater: ..
Does this have anything to do with my inability to access build.opensuse.org and api.opensuse.org (osc vc etc.)?
No, this are instable network infrastructure problems. Our servers are working correct. People try to solve this atm. bye adrian -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On 10/18/2010 04:17 PM, Adrian Schröter wrote:
Am Montag, 18. Oktober 2010, 16:04:59 schrieb Dave Plater: ..
Does this have anything to do with my inability to access build.opensuse.org and api.opensuse.org (osc vc etc.)?
No, this are instable network infrastructure problems. Our servers are working correct. People try to solve this atm.
bye adrian
It's working again. Thanks Dave P -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On 2010-10-18 16:04:59 +0200, Dave Plater wrote:
Does this have anything to do with my inability to access build.opensuse.org and api.opensuse.org (osc vc etc.)?
no darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Urgs, I forgot to mention that Jan-Simon Möller from LinuxFoundation found the security problems. Sorry for forgetting this ! bye adrian Am Montag, 18. Oktober 2010, 14:29:31 schrieb Adrian Schröter:
OBS 1.7.7 and OBS 2.0.7 are fixing security issues ==================================================
The new versions of OBS 1.7 and 2.0 are fixing a security issue, tracked as CVE-2010-3782, which allowed users independent of their state to work via the api. The api is blocking now all users, who are not in state "confirmed".
The user creation is also now dis-allowed, if LDAP or iChain athentification mode is used.
In addition OBS 2.0.7 is fixing an issue when branching package sources via project links.
Packages and appliances are available in openSUSE:Tools:2.0 and openSUSE:Tools:1.7 projects:
http://download.opensuse.org/repositories/openSUSE:/Tools:/2.0/ http://download.opensuse.org/repositories/openSUSE:/Tools:/1.7/
openSUSE:Tools project will get the 2.1 release tomorrow, which is fixing this issue also.
-- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
participants (3)
-
Adrian Schröter -
Dave Plater -
Marcus Rueckert