openSUSE Security Update : osc (openSUSE-SU-2012:0400-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update of osc to 0.134.1 provides the following changes :

- adding unlock command

- maintenance_incident requests get created with source
revision of package

- Enables new maintenance submissions for new OBS 2.3
maintenance model

- Fixes srcmd5 revisions in submit request, when link
target != submission target

- patchinfo call can work without checked out copy now

- use qemu as fallback for building not directly supported
architectures

- 'results --watch' option to watch build results until
they finished building

- fixes injection of terminal control chars
(bnc#749335)(CVE-2012-1095)

- support dryrun of branching to preview the expected
result. 'osc sm' is doing this now by default.

- maintenance requests accept package lists as source and
target incidents to be merged in

- add 'setincident' command to 'request' to re-direct a
maintenance request

- ask user to create 'maintenance incident' request when
submit request is failing at release project

- 'osc my patchinfos' is showing patchinfos where any open
bug is assigned to user

- 'osc my' or 'osc my work' is including assigned
patchinfos

- 'osc branch --maintenance' is creating setups for
maintenance

- removed debug code lead to warning message (fix by
Marcus_H)

- add --meta option also to 'list', 'cat' and 'less'
commands

- project checkout is skipping packages linking to project
local packages by default

- add --keep-link option to copypac command

- source validators are not called by default anymore :

- support source services using OBS project or package
name

- support updateing _patchinfo file with new issues just
by calling 'osc patchinfo' again

- branch --add-repositories can be used to add repos from
source project to target project

- branch --extend-package-names can be used to do mbranch
like branch of a single package

- branch --new-package can be used to do branch from a not
yet existing package (to define later submit target)

- show declined requests which created by user

See also :

http://lists.opensuse.org/opensuse-updates/2012-03/msg00035.html
https://bugzilla.novell.com/show_bug.cgi?id=624980
https://bugzilla.novell.com/show_bug.cgi?id=679980
https://bugzilla.novell.com/show_bug.cgi?id=711770
https://bugzilla.novell.com/show_bug.cgi?id=749335

Solution :

Update the affected osc packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 74572 ()

Bugtraq ID:

CVE ID: CVE-2012-1095

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now