Security update for build

SUSE Security Update: Security update for build
Announcement ID: SUSE-SU-2019:0387-1
Rating: moderate
References: #1069904 #1122895
Cross-References: CVE-2017-14804
Affected Products:
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  • SUSE Linux Enterprise Module for Development Tools 15

An update that solves one vulnerability and has one errata is now available.

Description:

This update for build version 20190128 fixes the following issues:
Security issue fixed:

  • CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)

Non-security issue fixed:
  • Add initial SLE 15 SP1 config (bsc#1122895)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-387=1
  • SUSE Linux Enterprise Module for Development Tools 15:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-387=1

Package List:

  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
    • build-mkdrpms-20190128-3.3.2
  • SUSE Linux Enterprise Module for Development Tools 15 (noarch):
    • build-20190128-3.3.2
    • build-mkbaselibs-20190128-3.3.2

References: