SUSE-SU-2017:0475-1: moderate: Security update for susestudio
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Feb 15 22:08:08 MST 2017
SUSE Security Update: Security update for susestudio
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0475-1
Rating: moderate
References: #870697 #887489 #929102 #942185 #947225 #963741
#968797 #969322 #972406 #972425 #974130 #979110
#979124 #981095 #983404 #983999
Cross-References: CVE-2015-3448 CVE-2015-7576 CVE-2015-7577
CVE-2016-0751 CVE-2016-0752
Affected Products:
SUSE Studio Onsite Runner 1.3
SUSE Studio Onsite 1.3
______________________________________________________________________________
An update that solves 5 vulnerabilities and has 11 fixes is
now available.
Description:
This update provides SUSE Studio Runner 1.3.14, which brings fixes for the
following issues:
- bsc#968797: 11 SP3 appliance gets invalid distribution upgrade from SLMS.
- bsc#947225: Second build of appliance will not register to SLMS, wrong
product name.
- bsc#983404: UEFI boot missing for SLE11 SP4.
- bsc#972406: Kiwi export config.sh script has /build-custom out of order.
- bsc#981095: Add user "ldap" to default_users list for assigning owners
for overlay files.
- bsc#972425: Runlevel 3 is being ignored in appliance configuration.
- bsc#983999: SLES 12 appliance build does not include gpg keys from base
product.
- bsc#979110: SLES 12 will not build for EC2.
- bsc#929102: Plaintext Password Local Disclosure in rubygem-rest-client.
(CVE-2015-3448)
- bsc#963741: Security fixes for Rails v3.2.22. (CVE-2015-7576,
CVE-2015-7577, CVE-2016-0751, CVE-2016-0752)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Studio Onsite Runner 1.3:
zypper in -t patch slestso13-susestudio-12990=1
- SUSE Studio Onsite 1.3:
zypper in -t patch slestso13-susestudio-12990=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Studio Onsite Runner 1.3 (noarch):
studio-help-1.3.20-0.6.9
- SUSE Studio Onsite Runner 1.3 (s390x):
libcontainment-insomnia-0.1.1-0.9.4.19
libjansson4-2.2.1-0.9.11.6
qemu-ext2-0.1.1-0.9.4.19
rubygem-bundler19-1.7.0-0.13.10
susestudio-bundled-packages-1.3.14-52.1
susestudio-common-1.3.14-52.1
susestudio-runner-1.3.14-52.1
susestudio-ui-server-1.3.14-52.1
- SUSE Studio Onsite 1.3 (noarch):
studio-help-1.3.20-0.6.9
- SUSE Studio Onsite 1.3 (x86_64):
libcontainment-insomnia-0.1.1-0.9.4.19
libjansson4-2.2.1-0.9.11.6
qemu-ext2-0.1.1-0.9.4.19
rubygem-bundler19-1.7.0-0.13.10
susestudio-1.3.14-52.1
susestudio-bundled-packages-1.3.14-52.1
susestudio-common-1.3.14-52.1
susestudio-runner-1.3.14-52.1
susestudio-sid-1.3.14-52.1
susestudio-ui-server-1.3.14-52.1
References:
https://www.suse.com/security/cve/CVE-2015-3448.html
https://www.suse.com/security/cve/CVE-2015-7576.html
https://www.suse.com/security/cve/CVE-2015-7577.html
https://www.suse.com/security/cve/CVE-2016-0751.html
https://www.suse.com/security/cve/CVE-2016-0752.html
https://bugzilla.suse.com/870697
https://bugzilla.suse.com/887489
https://bugzilla.suse.com/929102
https://bugzilla.suse.com/942185
https://bugzilla.suse.com/947225
https://bugzilla.suse.com/963741
https://bugzilla.suse.com/968797
https://bugzilla.suse.com/969322
https://bugzilla.suse.com/972406
https://bugzilla.suse.com/972425
https://bugzilla.suse.com/974130
https://bugzilla.suse.com/979110
https://bugzilla.suse.com/979124
https://bugzilla.suse.com/981095
https://bugzilla.suse.com/983404
https://bugzilla.suse.com/983999
More information about the sle-security-updates
mailing list