openSUSE Security Update: build security update
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:0174-1
Rating:             moderate
References:         #665768
Cross-References:   CVE-2010-4226
Affected Products:
                    openSUSE 11.3
                    openSUSE 11.2
______________________________________________________________________________
An update that fixes one vulnerability is now available. It includes one version update.
Description:
The build script uses cpio to extract untrusted rpm packages for bootstrapping virtual machines. cpio is not safe to use for this task; therefore, the build script now uses bsdtar instead (CVE-2010-4226).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch build-4028
- openSUSE 11.2:
zypper in -t patch build-4028
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (noarch) [New Version: 2010.07.28]:
build-2010.07.28-1.3.1
build-mkbaselibs-2010.07.28-1.3.1
- openSUSE 11.2 (noarch) [New Version: 2010.07.28]:
build-2010.07.28-1.3.1
References:
http://support.novell.com/security/cve/CVE-2010-4226.html
https://bugzilla.novell.com/665768