exploitDog

SUSE-SU-2015:0487-1

Опубликовано: 12 мар. 2015

Источник: suse-cvrf

Описание

Security update for osc

osc was updated to fix a security issue and some non-security bugs.

osc was updated to 0.151.0, fixing the following vulnerability:

fixed shell command injection via crafted _service files CVE-2015-0778 boo#901643

The following non-security bugs were fixed:

fix times when data comes from OBS backend
support updateing the link in target package for submit requests
various minor bugfixes

Список пакетов

SUSE Linux Enterprise Software Development Kit 12

osc-0.151.0-8.1

Ссылки

https://www.suse.com/support/update/announcement/2015/suse-su-20150487-1/
Link for SUSE-SU-2015:0487-1
https://lists.suse.com/pipermail/sle-security-updates/2015-March/001283.html
E-Mail link for SUSE-SU-2015:0487-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/901643
SUSE Bug 901643
https://www.suse.com/security/cve/CVE-2015-0778/
SUSE CVE CVE-2015-0778 page

Описание

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 12:osc-0.151.0-8.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-0778.html
CVE-2015-0778
https://bugzilla.suse.com/901643
SUSE Bug 901643