Mailinglist Archive: opensuse-buildservice (245 mails)

< Previous Next >
Re: [opensuse-buildservice] OBS 1.7.7 and OBS 2.0.7 are fixing security issues
  • From: Adrian Schröter <adrian@xxxxxxx>
  • Date: Mon, 18 Oct 2010 18:06:52 +0200
  • Message-id: <201010181806.52685.adrian@xxxxxxx>


I forgot to mention that Jan-Simon Möller from LinuxFoundation found the
security problems.

Sorry for forgetting this !


Am Montag, 18. Oktober 2010, 14:29:31 schrieb Adrian Schröter:

OBS 1.7.7 and OBS 2.0.7 are fixing security issues

The new versions of OBS 1.7 and 2.0 are fixing a security issue,
tracked as CVE-2010-3782, which allowed users independent of
their state to work via the api. The api is blocking now
all users, who are not in state "confirmed".

The user creation is also now dis-allowed, if LDAP or iChain
athentification mode is used.

In addition OBS 2.0.7 is fixing an issue when branching package sources
via project links.

Packages and appliances are available in openSUSE:Tools:2.0 and
openSUSE:Tools:1.7 projects:

openSUSE:Tools project will get the 2.1 release tomorrow, which is fixing this
issue also.

Adrian Schroeter
SUSE Linux Products GmbH
email: adrian@xxxxxxx
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >