openSUSE Security Update : osc (openSUSE-SU-2012:0400-1)

medium Nessus Plugin ID 74572

Synopsis

The remote openSUSE host is missing a security update.

Description

This update of osc to 0.134.1 provides the following changes :

- adding unlock command

- maintenance_incident requests get created with source revision of package

- Enables new maintenance submissions for new OBS 2.3 maintenance model

- Fixes srcmd5 revisions in submit request, when link target != submission target

- patchinfo call can work without checked out copy now

- use qemu as fallback for building not directly supported architectures

- 'results --watch' option to watch build results until they finished building

- fixes injection of terminal control chars (bnc#749335)(CVE-2012-1095)

- support dryrun of branching to preview the expected result. 'osc sm' is doing this now by default.

- maintenance requests accept package lists as source and target incidents to be merged in

- add 'setincident' command to 'request' to re-direct a maintenance request

- ask user to create 'maintenance incident' request when submit request is failing at release project

- 'osc my patchinfos' is showing patchinfos where any open bug is assigned to user

- 'osc my' or 'osc my work' is including assigned patchinfos

- 'osc branch --maintenance' is creating setups for maintenance

- removed debug code lead to warning message (fix by Marcus_H)

- add --meta option also to 'list', 'cat' and 'less' commands

- project checkout is skipping packages linking to project local packages by default

- add --keep-link option to copypac command

- source validators are not called by default anymore :

- support source services using OBS project or package name

- support updateing _patchinfo file with new issues just by calling 'osc patchinfo' again

- branch --add-repositories can be used to add repos from source project to target project

- branch --extend-package-names can be used to do mbranch like branch of a single package

- branch --new-package can be used to do branch from a not yet existing package (to define later submit target)

- show declined requests which created by user

Solution

Update the affected osc packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=624980

https://bugzilla.novell.com/show_bug.cgi?id=679980

https://bugzilla.novell.com/show_bug.cgi?id=711770

https://bugzilla.novell.com/show_bug.cgi?id=749335

https://lists.opensuse.org/opensuse-updates/2012-03/msg00035.html

Plugin Details

Severity: Medium

ID: 74572

File Name: openSUSE-2012-170.nasl

Version: 1.5

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:build, p-cpe:/a:novell:opensuse:build-initvm, p-cpe:/a:novell:opensuse:build-initvm-debuginfo, p-cpe:/a:novell:opensuse:build-initvm-debuginfo-32bit, p-cpe:/a:novell:opensuse:build-initvm-debuginfo-i586, p-cpe:/a:novell:opensuse:build-initvm-i586, p-cpe:/a:novell:opensuse:build-mkbaselibs, p-cpe:/a:novell:opensuse:build-mkbaselibs-sle, p-cpe:/a:novell:opensuse:build-mkdrpms, p-cpe:/a:novell:opensuse:obs-service-download_files, p-cpe:/a:novell:opensuse:obs-service-format_spec_file, p-cpe:/a:novell:opensuse:obs-service-source_validator, p-cpe:/a:novell:opensuse:osc, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 3/19/2012

Vulnerability Publication Date: 2/6/2014

Reference Information

CVE: CVE-2012-1095