
Security vulnerability in the calamares software package

openSUSE Security Update: Security update for calamares
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2628-1
Rating: moderate
References: #1140256 #1152377
Cross-References: CVE-2019-13178
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for calamares fixes the following issues:

– Launch with “pkexec calamares” in openSUSE Tumbleweed, but launch with
“xdg-su -c calamares” in openSUSE Leap 15.

Update to Calamares 3.2.15:

– “displaymanager” module now treats “sysconfig” as a regular entry in the
“displaymanagers” list, and the “sysconfigSetup” key is used as a
shorthand to force only that entry in the list.
– “machineid” module has been re-written in C++ and extended with a new
configuration key to generate urandom pool data.
– “unpackfs” now supports a special “sourcefs” value of file for copying
single files (optionally with renaming) or directory trees to the target
system.
– “unpackfs” now supports an “exclude” and “excludeFile” setting for
excluding particular files or patterns from unpacking.

Update to Calamares 3.2.14:
– “locale” module no longer recognizes the legacy GeoIP configuration.
This has been deprecated since Calamares 3.2.8 and is now removed.
– “packagechooser” module can now be custom-labeled in the overall
progress (left-hand column).
– “displaymanager” module now recognizes KDE Plasma 5.17.
– “displaymanager” module now can handle Wayland sessions and can detect
sessions from their .desktop files.
– “unpackfs” now has special handling for sourcefs setting “file”.

Update to Calamares 3.2.13.

More about upstream changes:

https://calamares.io/calamares-3.2.13-is-out/ and
https://calamares.io/calamares-3.2.12-is-out/

Update to Calamares 3.2.11:

– Fix race condition in modules/luksbootkeyfile/main.py (boo#1140256,
CVE-2019-13178)
– more about upstream changes in 3.2 versions can be found in
https://calamares.io/ and https://github.com/calamares/calamares/releases

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2628=1

– openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2628=1

Package List:

– openSUSE Leap 15.1 (x86_64):

calamares-3.2.15-lp151.4.3.3
calamares-debuginfo-3.2.15-lp151.4.3.3
calamares-debugsource-3.2.15-lp151.4.3.3
calamares-webview-3.2.15-lp151.4.3.3
calamares-webview-debuginfo-3.2.15-lp151.4.3.3

– openSUSE Leap 15.1 (noarch):

calamares-branding-upstream-3.2.15-lp151.4.3.3

– openSUSE Leap 15.0 (x86_64):

calamares-3.2.15-lp150.7.2
calamares-debuginfo-3.2.15-lp150.7.2
calamares-debugsource-3.2.15-lp150.7.2
calamares-webview-3.2.15-lp150.7.2
calamares-webview-debuginfo-3.2.15-lp150.7.2

– openSUSE Leap 15.0 (noarch):

calamares-branding-upstream-3.2.15-lp150.7.2

References:

https://www.suse.com/security/cve/CVE-2019-13178.html
https://bugzilla.suse.com/1140256
https://bugzilla.suse.com/1152377

