openSUSE-SU-2024:0194-2

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0194-2.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2024:0194-2
Related
Published
2024-07-08T18:01:42Z
Modified
2024-07-08T18:01:42Z
Summary
Security update for keybase-client
Details

This update for keybase-client fixes the following issues:

Update to version 6.2.8

  • Update client CA

  • Fix incomplete locking in config file handling.

    • Update the Image dependency to address CVE-2023-29408 / boo#1213928. This is done via the new update-image-tiff.patch.
    • Limit parallel test execution as that seems to cause failing builds on OBS that don't occur locally.
    • Integrate KBFS packages previously build via own source package
  • Upstream integrated these into the same source.
  • Also includes adding kbfs-related patches ensure-mount-dir-exists.patch and ensure-service-stop-unmounts-filesystem.patch.
    • Upgrade Go version used for compilation to 1.19.
    • Use Systemd unit file from upstream source.
References

Affected packages

SUSE:Package Hub 15 SP5 / keybase-client

Package

Name
keybase-client
Purl
pkg:rpm/suse/keybase-client&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.8-bp156.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "keybase-client": "6.2.8-bp156.2.3.1",
            "kbfs-tool": "6.2.8-bp156.2.3.1",
            "kbfs-git": "6.2.8-bp156.2.3.1",
            "kbfs": "6.2.8-bp156.2.3.1"
        }
    ]
}

SUSE:Package Hub 15 SP6 / keybase-client

Package

Name
keybase-client
Purl
pkg:rpm/suse/keybase-client&distro=SUSE%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.8-bp156.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "keybase-client": "6.2.8-bp156.2.3.1",
            "kbfs-tool": "6.2.8-bp156.2.3.1",
            "kbfs-git": "6.2.8-bp156.2.3.1",
            "kbfs": "6.2.8-bp156.2.3.1"
        }
    ]
}

openSUSE:Leap 15.5 / keybase-client

Package

Name
keybase-client
Purl
pkg:rpm/opensuse/keybase-client&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.8-bp156.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "keybase-client": "6.2.8-bp156.2.3.1",
            "kbfs-tool": "6.2.8-bp156.2.3.1",
            "kbfs-git": "6.2.8-bp156.2.3.1",
            "kbfs": "6.2.8-bp156.2.3.1"
        }
    ]
}

openSUSE:Leap 15.6 / keybase-client

Package

Name
keybase-client
Purl
pkg:rpm/opensuse/keybase-client&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.8-bp156.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "keybase-client": "6.2.8-bp156.2.3.1",
            "kbfs-tool": "6.2.8-bp156.2.3.1",
            "kbfs-git": "6.2.8-bp156.2.3.1",
            "kbfs": "6.2.8-bp156.2.3.1"
        }
    ]
}