openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:2961-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.856380

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (SUSE-SU-2024:2961-1)

Resumen: The remote host is missing an update for the 'osc' package(s) announced via the SUSE-SU-2024:2961-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'osc' package(s) announced via the SUSE-SU-2024:2961-1 advisory.

Vulnerability Insight:
This update for osc fixes the following issues:

- 1.9.0
- Security:
- Fix possibility to overwrite special files in .osc (CVE-2024-22034 bsc#1225911)
Source files are now stored in the 'sources' subdirectory which prevents
name collisons. This requires changing version of '.osc' store to 2.0.
- Command-line:
- Introduce build --checks parameter
- Library:
- OscConfigParser: Remove automatic __name__ option

- 1.8.3
- Command-line:
- Change 'repairwc' command to always run all repair steps
- Library:
- Make most of the fields in KeyinfoPubkey and KeyinfoSslcert models optional
- Fix colorize() to avoid wrapping empty string into color escape sequences
- Provide default values for kwargs.get/pop in get_results() function

- 1.8.2
- Library:
- Change 'repairwc' command to fix missing .osc/_osclib_version
- Make error message in check_store_version() more generic to work for both projects and packages
- Fix check_store_version in project store

- 1.8.1
- Command-line:
- Fix 'linkpac' command crash when used with '--disable-build' or '--disable-publish' option

- 1.8.0
- Command-line:
- Improve 'submitrequest' command to inherit description from superseded request
- Fix 'mv' command when renaming a file multiple times
- Improve 'info' command to support projects
- Improve 'getbinaries' command by accepting '-M' / '--multibuild-package' option outside checkouts
- Add architecture filtering to 'release' command
- Change 'results' command so the normal and multibuild packages have the same output
- Change 'results' command to use csv writer instead of formatting csv as string
- Add couple mutually exclusive options errors to 'results' command
- Set a default value for 'results --format' only for the csv output
- Add support for 'results --format' for the default text mode
- Update help text for '--format' option in 'results' command
- Add 'results --fail-on-error/-F' flag
- Redirect venv warnings from stderr to debug output
- Configuration:
- Fix config parser to throw an exception on duplicate sections or options
- Modify conf.get_config() to print permissions warning to stderr rather than stdout
- Library:
- Run check_store_version() in obs_scm.Store and fix related code in Project and Package
- Forbid extracting files with absolute path from 'cpio' archives (bsc#1122683)
- Forbid extracting files with absolute path from 'ar' archives (bsc#1122683)
- Remove no longer valid warning from core.unpack_srcrpm()
- Make obs_api.KeyinfoSslcert keyid and fingerprint fields optional
- Fix return value in build build.create_build_descr_data()
- Fix core.get_package_results() to obey 'multibuild_packages' argument
- Tests:
- Fix tests so they don't modify fixtures

- 1.7.0
- Command-line:
- Add 'person search' command
- Add 'person register' command
- Add '-M/--multibuild-package' option to '[what]dependson' commands
- Update ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'osc' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-22034

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.856380
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:2961-1)
Resumen:	The remote host is missing an update for the 'osc' package(s) announced via the SUSE-SU-2024:2961-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'osc' package(s) announced via the SUSE-SU-2024:2961-1 advisory. Vulnerability Insight: This update for osc fixes the following issues: - 1.9.0 - Security: - Fix possibility to overwrite special files in .osc (CVE-2024-22034 bsc#1225911) Source files are now stored in the 'sources' subdirectory which prevents name collisons. This requires changing version of '.osc' store to 2.0. - Command-line: - Introduce build --checks parameter - Library: - OscConfigParser: Remove automatic __name__ option - 1.8.3 - Command-line: - Change 'repairwc' command to always run all repair steps - Library: - Make most of the fields in KeyinfoPubkey and KeyinfoSslcert models optional - Fix colorize() to avoid wrapping empty string into color escape sequences - Provide default values for kwargs.get/pop in get_results() function - 1.8.2 - Library: - Change 'repairwc' command to fix missing .osc/_osclib_version - Make error message in check_store_version() more generic to work for both projects and packages - Fix check_store_version in project store - 1.8.1 - Command-line: - Fix 'linkpac' command crash when used with '--disable-build' or '--disable-publish' option - 1.8.0 - Command-line: - Improve 'submitrequest' command to inherit description from superseded request - Fix 'mv' command when renaming a file multiple times - Improve 'info' command to support projects - Improve 'getbinaries' command by accepting '-M' / '--multibuild-package' option outside checkouts - Add architecture filtering to 'release' command - Change 'results' command so the normal and multibuild packages have the same output - Change 'results' command to use csv writer instead of formatting csv as string - Add couple mutually exclusive options errors to 'results' command - Set a default value for 'results --format' only for the csv output - Add support for 'results --format' for the default text mode - Update help text for '--format' option in 'results' command - Add 'results --fail-on-error/-F' flag - Redirect venv warnings from stderr to debug output - Configuration: - Fix config parser to throw an exception on duplicate sections or options - Modify conf.get_config() to print permissions warning to stderr rather than stdout - Library: - Run check_store_version() in obs_scm.Store and fix related code in Project and Package - Forbid extracting files with absolute path from 'cpio' archives (bsc#1122683) - Forbid extracting files with absolute path from 'ar' archives (bsc#1122683) - Remove no longer valid warning from core.unpack_srcrpm() - Make obs_api.KeyinfoSslcert keyid and fingerprint fields optional - Fix return value in build build.create_build_descr_data() - Fix core.get_package_results() to obey 'multibuild_packages' argument - Tests: - Fix tests so they don't modify fixtures - 1.7.0 - Command-line: - Add 'person search' command - Add 'person register' command - Add '-M/--multibuild-package' option to '[what]dependson' commands - Update ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'osc' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-22034
Copyright	Copyright (C) 2024 Greenbone AG