openSUSE Security Update: build security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:0174-1 Rating: moderate References: #665768 Cross-References: CVE-2010-4226 Affected Products: openSUSE 11.3 openSUSE 11.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: The build script uses cpio to extract untrusted rpm packages for bootstrapping virtual machines. cpio is not safe to use for this task, therefore the build script now uses bsdtar instead (CVE-2010-4226). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch build-4028 - openSUSE 11.2: zypper in -t patch build-4028 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (noarch) [New Version: 2010.07.28]: build-2010.07.28-1.3.1 build-mkbaselibs-2010.07.28-1.3.1 - openSUSE 11.2 (noarch) [New Version: 2010.07.28]: build-2010.07.28-1.3.1 References: http://support.novell.com/security/cve/CVE-2010-4226.html https://bugzilla.novell.com/665768