SUSE-SU-2015:0863-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0863-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2015:0863-1

Related

Published

2015-05-05T23:49:58Z

Modified

2015-05-05T23:49:58Z

Summary

Security update for SUSE Studio

Details

This update provides SUSE Studio 1.3.10, including Amazon's EC2 support for SUSE Linux Enterprise 12 appliances.

Additionally, the update includes fixes for the following issues:

* #904372 - Arbitrary file existence disclosure in sprockets gem
  (CVE-2014-7819)
* #904375 - Arbitrary file existence disclosure in Action Pack gem
  (CVE-2014-7818)
* #918203 - Arbitrary file existence disclosure in Studio Onsite
  (CVE-2014-7829)
* #852794 - SLES 11-SP3 templates fail to build x86_64 EC2 images
* #914765 - Change of appliance name is not displayed in appliance's
  change log
* #887893 - Change log not accessible via API
* #918239 - Failure to create new appliances after upgrade to Studio
  Onsite 1.3.9
* #918395 - Remove 32bit as target for building EC2 appliances
* #912512 - Studio doesn't allow duplicated repositories
* #880078 - Studio packages contain files that get modified (by Studio)
  after installation.
* #919037 - Can't open appliance on Gallery: undefined
  restructure_unsupportable_packages method.

Security Issues:

* CVE-2014-7819
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819>
* CVE-2014-7818
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818>
* CVE-2014-7829
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829>

References

SUSE-SU-2015:0863-1

Affected packages