Ispravljeni su višestruki sigurnosni nedostaci aplikacije Suse Studio Onsite koji su udaljenim napadačima omogućavali izvođenje XSS napada te pokretanje zlonamjernog programskog koda.
Paket:
SUSE Studio Onsite 1.x, SUSE Studio Onsite 3.x
Operacijski sustavi:
SUSE Linux Enterprise Server (SLES) 10, SUSE Linux Enterprise Server (SLES) 11
Sigurnosni problemi odnose se na niz neodgovarajućih provjera ulaznih podataka u pojedinim ulaznim datotekama, nepravilno rukovanje pojedinim datotekama te na pogreške u radu određenih komponenti.
Posljedica:
Udaljeni napadač uočene propuste može iskoristiti za pokretanje XSS napada te izvršavanje proizvoljnog programskog koda.
Rješenje:
Svim korisnicima savjetuje se instalacija najnovije inačice paketa.
SUSE Security Update: Security update for kiwi
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:0917-1
Rating: critical
References: #571584 #659843 #667082 #668014 #670299 #675004
#681902 #682978 #689907 #693847 #694506 #699558
#699708 #699710 #700356 #700588 #700589 #700591
#700948 #701512 #701814 #701815 #701816 #702041
#702320 #704726 #704730 #707637 #709437 #709572
#710392 #711998 #712000
Cross-References: CVE-2011-2225 CVE-2011-2226 CVE-2011-2644
CVE-2011-2645 CVE-2011-2646 CVE-2011-2647
CVE-2011-2648 CVE-2011-2649 CVE-2011-2650
CVE-2011-2651 CVE-2011-2652
Affected Products:
SUSE Studio Onsite 1.1
______________________________________________________________________________
An update that solves 11 vulnerabilities and has 22 fixes
is now available. It includes two new package versions.
Description:
SUSE Studio was prone to several cross-site-scripting (XSS)
and shell quoting issues.
* CVE-2011-2652 - XSS vulnerability in overlay files:
bad escaping archive file list
* CVE-2011-2651 - Remote code execution via crafted
filename in file browser
* CVE-2011-2650 - XSS vulnerability when displaying RPM
info (pattern name)
* CVE-2011-2649 - Unwanted shell expansion when
executing commands in FileUtils fix
* CVE-2011-2648 - Arbitrary code execution via filters
in modified files
* CVE-2011-2647 - studio: Remote code execution via
crafted archive name in testdrive's modified files
* CVE-2011-2646 - studio: Remote code execution via
crafted filename in testdrive's modified files
* CVE-2011-2645 - Remote code execution via crafted
custom RPM filename
* CVE-2011-2644 - XSS vulnerability in displaying RPM
info
* CVE-2011-2226 - XSS vulnerability when displaying
pattern listing
* CVE-2011-2225 - Overlay directory pathes are not
properly escaped before inclusion into config.sh
Furthermore, the following non-security fixes are included:
* 682978: Fix apache config for cloning appliances with
image repos
* 681902: Fix images being deleted when one format is
deleted
* 571584: Show 32bit packages in 64bit appliance when
there's no 64bit version available
* 701512: Remove kiwi version dependency on release
* 704730: Fix script for fixing the apache configuration
* 707637: Fixed rmds segfaults during attempt of adding
specially crafted repositories
* 704726: Disable partition alignment for SLE10
* 709437: Fix Export script
* 689907: Fix SLE 10 SP3 appliances containing SP2
product file
* 711998: Do not waste disk space when generating the
export tarball
In addition, this update provides kiwi version 3.73.1 with
the following fixes:
* 667082: KIWIManager.sh rpmLibs() should execute
ldconfig after baselib cleanup
* 668014: Support raid 1 (mirroring) for pxe images
* 670299: kiwi's implementation of 4k alignment feature
covers only first partition
* 675004: TFTP block size
* 694506: Kiwi: boot partition runs out of space
* 659843: Avoid initialization of KMS without kernel
support
* 693847: fixed URL quoting, we have to distinguish the
quoting
Also an important fix was made to the "export" script.
Security Issue references:
* CVE-2011-2652
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2652
>
* CVE-2011-2651
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2651
>
* CVE-2011-2650
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2650
>
* CVE-2011-2649
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2649
>
* CVE-2011-2648
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2648
>
* CVE-2011-2647
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2647
>
* CVE-2011-2646
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2646
>
* CVE-2011-2645
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2645
>
* CVE-2011-2644
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2644
>
* CVE-2011-2225
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2225
>
* CVE-2011-2226
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2226
>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Studio Onsite 1.1:
zypper in -t patch slestsosp1-susestudio-201107-4998
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Studio Onsite 1.1 (x86_64) [New Version: 1.1.4 and 3.74.2]:
kiwi-3.74.2-0.81.8
kiwi-desc-isoboot-3.74.2-0.81.8
kiwi-desc-netboot-3.74.2-0.81.8
kiwi-desc-oemboot-3.74.2-0.81.8
kiwi-desc-usbboot-3.74.2-0.81.8
kiwi-desc-vmxboot-3.74.2-0.81.8
kiwi-desc-xenboot-3.74.2-0.81.8
kiwi-doc-3.74.2-0.81.8
kiwi-tools-3.74.2-0.81.8
susestudio-1.1.4-0.19.2
susestudio-clicfs-1.1.4-0.19.2
susestudio-common-1.1.4-0.19.2
susestudio-image-helpers-1.1.4-0.3.2
susestudio-kiwi-runner-1.1.4-0.19.2
susestudio-rmds-1.1.4-0.19.2
susestudio-testdrive-1.1.4-0.19.2
susestudio-thoth-1.1.4-0.19.2
susestudio-ui-server-1.1.4-0.19.2
References:
http://support.novell.com/security/cve/CVE-2011-2225.html
http://support.novell.com/security/cve/CVE-2011-2226.html
http://support.novell.com/security/cve/CVE-2011-2644.html
http://support.novell.com/security/cve/CVE-2011-2645.html
http://support.novell.com/security/cve/CVE-2011-2646.html
http://support.novell.com/security/cve/CVE-2011-2647.html
http://support.novell.com/security/cve/CVE-2011-2648.html
http://support.novell.com/security/cve/CVE-2011-2649.html
http://support.novell.com/security/cve/CVE-2011-2650.html
http://support.novell.com/security/cve/CVE-2011-2651.html
http://support.novell.com/security/cve/CVE-2011-2652.html
https://bugzilla.novell.com/571584
https://bugzilla.novell.com/659843
https://bugzilla.novell.com/667082
https://bugzilla.novell.com/668014
https://bugzilla.novell.com/670299
https://bugzilla.novell.com/675004
https://bugzilla.novell.com/681902
https://bugzilla.novell.com/682978
https://bugzilla.novell.com/689907
https://bugzilla.novell.com/693847
https://bugzilla.novell.com/694506
https://bugzilla.novell.com/699558
https://bugzilla.novell.com/699708
https://bugzilla.novell.com/699710
https://bugzilla.novell.com/700356
https://bugzilla.novell.com/700588
https://bugzilla.novell.com/700589
https://bugzilla.novell.com/700591
https://bugzilla.novell.com/700948
https://bugzilla.novell.com/701512
https://bugzilla.novell.com/701814
https://bugzilla.novell.com/701815
https://bugzilla.novell.com/701816
https://bugzilla.novell.com/702041
https://bugzilla.novell.com/702320
https://bugzilla.novell.com/704726
https://bugzilla.novell.com/704730
https://bugzilla.novell.com/707637
https://bugzilla.novell.com/709437
https://bugzilla.novell.com/709572
https://bugzilla.novell.com/710392
https://bugzilla.novell.com/711998
https://bugzilla.novell.com/712000
http://download.novell.com/patch/finder/?keywords=a7ac468c5be46a2fa087e91241b263bd
--
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke