Open Build Service 2.10.20 released - openSUSE Build Service

27 Jan 2023


      Hello People,
We have just released Open Build Service 2.10.20 which fixes security 
vulnerabilities. You should update
your installations as soon as possible.
## Fixed Issues
Frontend:
* Update globalid gem from 1.0.0 to 1.0.1
    - Fixes CVE-2023-22799 ReDoS based DoS vulnerability in the GlobalID gem
  * Update rack gem from 2.2.4 to 2.2.6.2
    - Fixes CVE-2022-44571 Denial of service vulnerability in the 
Content-Disposition parsing
      component of Rack.
    - Fixes CVE-2022-44572 Denial of service vulnerability in the 
multipart parsing component
      of Rack.
    - Fixes CVE-2022-44570 Possible denial of service vulnerability in 
the Range header
      parsing component of Rack.
## How to Update
Package updates are available from the 2.10 repositories
https://build.opensuse.org/project/show/OBS:Server:2.10
Fixed appliances can be downloaded from
https://openbuildservice.org/download http://openbuildservice.org/download
Kind regards,
Lukas
-- 
Lukas Krause, Build Solutions

SUSE Software Solutions Germany GmbH
Maxfeldstrasse 5
90409 Nürnberg

(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev