Security update for SUSE Studio
SUSE Security Update: Security update for SUSE Studio
| Announcement ID: | SUSE-SU-2015:0863-1 |
| Rating: | low |
| References: | #852794 #876313 #880078 #887893 #904372 #904375 #912512 #914765 #918203 #918239 #918395 #919037 |
| Affected Products: |
An update that solves three vulnerabilities and has 9 fixes is now available. It includes one version update.
Description:
This update provides SUSE Studio 1.3.10, including Amazon's EC2 support for SUSE Linux Enterprise 12 appliances.
Additionally, the update includes fixes for the following issues:
- #904372 - Arbitrary file existence disclosure in sprockets gem (CVE-2014-7819)
- #904375 - Arbitrary file existence disclosure in Action Pack gem (CVE-2014-7818)
- #918203 - Arbitrary file existence disclosure in Studio Onsite (CVE-2014-7829)
- #852794 - SLES 11-SP3 templates fail to build x86_64 EC2 images
- #914765 - Change of appliance name is not displayed in appliance's change log
- #887893 - Change log not accessible via API
- #918239 - Failure to create new appliances after upgrade to Studio Onsite 1.3.9
- #918395 - Remove 32bit as target for building EC2 appliances
- #912512 - Studio doesn't allow duplicated repositories
- #880078 - Studio packages contain files that get modified (by Studio) after installation.
- #919037 - Can't open appliance on Gallery: undefined restructure_unsupportable_packages method.
Security Issues:
Indications:
Everybody should update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Studio Onsite 1.3:
zypper in -t patch slestso13-susestudio-1310-201502=10411
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.3.10]:
- Containment-Studio-SLE11_SP3-5.05.81-20150505234825
- susestudio-1.3.10-0.17.45
- susestudio-bundled-packages-1.3.10-0.17.45
- susestudio-common-1.3.10-0.17.45
- susestudio-runner-1.3.10-0.17.45
- susestudio-sid-1.3.10-0.17.45
- susestudio-ui-server-1.3.10-0.17.45
References:
- https://www.suse.com/security/cve/CVE-2014-7818.html
- https://www.suse.com/security/cve/CVE-2014-7819.html
- https://www.suse.com/security/cve/CVE-2014-7829.html
- https://bugzilla.suse.com/852794
- https://bugzilla.suse.com/876313
- https://bugzilla.suse.com/880078
- https://bugzilla.suse.com/887893
- https://bugzilla.suse.com/904372
- https://bugzilla.suse.com/904375
- https://bugzilla.suse.com/912512
- https://bugzilla.suse.com/914765
- https://bugzilla.suse.com/918203
- https://bugzilla.suse.com/918239
- https://bugzilla.suse.com/918395
- https://bugzilla.suse.com/919037
- https://download.suse.com/patch/finder/?keywords=47874d473d5972d4857f71d4a1d418be