CVE-2017-9274

Опубликовано: 01 мар. 2018

Источник: debian

Описание

A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
osc	fixed	0.162.1-1		package
osc	no-dsa		stretch	package
osc	no-dsa		jessie	package
osc	no-dsa		wheezy	package

Примечания

Details in https://bugzilla.suse.com/show_bug.cgi?id=938556
SUSE adressed the issue not only in the obs-service-source_validator
and adding a validation in 0.162.0 when using OBS 2.9, cf.:
https://github.com/openSUSE/osc/commit/f0325eb0b58c266eb0905ccf827dc7eb864378a1

Связанные уязвимости

CVE-2017-9274

CVSS3: 7.8

ubuntu

почти 8 лет назад

A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.

CVE-2017-9274

CVSS3: 7.8

nvd

почти 8 лет назад

A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.

GHSA-rmgp-j5rm-7ghv

CVSS3: 7.8

github

больше 3 лет назад

A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.

openSUSE-SU-2017:3259-1

suse-cvrf

около 8 лет назад

Security update for the OBS toolchain

SUSE-SU-2018:0065-1

suse-cvrf

около 8 лет назад

Fixing security issues on OBS toolchain