SUSE-SU-2017:0475-1: moderate: Security update for susestudio

sle-security-updates at lists.suse.com
Wed Feb 15 22:08:08 MST 2017


   SUSE Security Update: Security update for susestudio
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0475-1
Rating:             moderate
References:         #870697 #887489 #929102 #942185 #947225 #963741 
                    #968797 #969322 #972406 #972425 #974130 #979110 
                    #979124 #981095 #983404 #983999 
Cross-References:   CVE-2015-3448 CVE-2015-7576 CVE-2015-7577
                    CVE-2016-0751 CVE-2016-0752
Affected Products:
                    SUSE Studio Onsite Runner 1.3
                    SUSE Studio Onsite 1.3
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 11 fixes is
   now available.

Description:


   This update provides SUSE Studio Runner 1.3.14, which brings fixes for the
   following issues:

   - bsc#968797: 11 SP3 appliance gets invalid distribution upgrade from SLMS.
   - bsc#947225: Second build of appliance will not register to SLMS, wrong
     product name.
   - bsc#983404: UEFI boot missing for SLE11 SP4.
   - bsc#972406: Kiwi export config.sh script has /build-custom out of order.
   - bsc#981095: Add user "ldap" to default_users list for assigning owners
     for overlay files.
   - bsc#972425: Runlevel 3 is being ignored in appliance configuration.
   - bsc#983999: SLES 12 appliance build does not include gpg keys from base
     product.
   - bsc#979110: SLES 12 will not build for EC2.
   - bsc#929102: Plaintext Password Local Disclosure in rubygem-rest-client.
     (CVE-2015-3448)
   - bsc#963741: Security fixes for Rails v3.2.22. (CVE-2015-7576,
     CVE-2015-7577, CVE-2016-0751, CVE-2016-0752)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite Runner 1.3:

      zypper in -t patch slestso13-susestudio-12990=1

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-susestudio-12990=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Studio Onsite Runner 1.3 (noarch):

      studio-help-1.3.20-0.6.9

   - SUSE Studio Onsite Runner 1.3 (s390x):

      libcontainment-insomnia-0.1.1-0.9.4.19
      libjansson4-2.2.1-0.9.11.6
      qemu-ext2-0.1.1-0.9.4.19
      rubygem-bundler19-1.7.0-0.13.10
      susestudio-bundled-packages-1.3.14-52.1
      susestudio-common-1.3.14-52.1
      susestudio-runner-1.3.14-52.1
      susestudio-ui-server-1.3.14-52.1

   - SUSE Studio Onsite 1.3 (noarch):

      studio-help-1.3.20-0.6.9

   - SUSE Studio Onsite 1.3 (x86_64):

      libcontainment-insomnia-0.1.1-0.9.4.19
      libjansson4-2.2.1-0.9.11.6
      qemu-ext2-0.1.1-0.9.4.19
      rubygem-bundler19-1.7.0-0.13.10
      susestudio-1.3.14-52.1
      susestudio-bundled-packages-1.3.14-52.1
      susestudio-common-1.3.14-52.1
      susestudio-runner-1.3.14-52.1
      susestudio-sid-1.3.14-52.1
      susestudio-ui-server-1.3.14-52.1


References:

   https://www.suse.com/security/cve/CVE-2015-3448.html
   https://www.suse.com/security/cve/CVE-2015-7576.html
   https://www.suse.com/security/cve/CVE-2015-7577.html
   https://www.suse.com/security/cve/CVE-2016-0751.html
   https://www.suse.com/security/cve/CVE-2016-0752.html
   https://bugzilla.suse.com/870697
   https://bugzilla.suse.com/887489
   https://bugzilla.suse.com/929102
   https://bugzilla.suse.com/942185
   https://bugzilla.suse.com/947225
   https://bugzilla.suse.com/963741
   https://bugzilla.suse.com/968797
   https://bugzilla.suse.com/969322
   https://bugzilla.suse.com/972406
   https://bugzilla.suse.com/972425
   https://bugzilla.suse.com/974130
   https://bugzilla.suse.com/979110
   https://bugzilla.suse.com/979124
   https://bugzilla.suse.com/981095
   https://bugzilla.suse.com/983404
   https://bugzilla.suse.com/983999


