exploitDog

SUSE-SU-2015:1361-1

Опубликовано: 28 июл. 2015

Источник: suse-cvrf

Описание

Security update for osc

This update provides osc 0.152.0 with various fixes and improvements.

This security issue was fixed:

CVE-2015-0778: Shell command injection via crafted _service files. (bsc#901643)

For a comprehensive list of changes, please refer to the package's change log.

Список пакетов

SUSE Linux Enterprise Software Development Kit 11 SP3

osc-0.152.0-6.2

SUSE Linux Enterprise Software Development Kit 11 SP4

osc-0.152.0-6.2

Ссылки

https://www.suse.com/support/update/announcement/2015/suse-su-20151361-1/
Link for SUSE-SU-2015:1361-1
https://lists.suse.com/pipermail/sle-security-updates/2015-August/001529.html
E-Mail link for SUSE-SU-2015:1361-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/901643
SUSE Bug 901643
https://bugzilla.suse.com/936939
SUSE Bug 936939
https://www.suse.com/security/cve/CVE-2015-0778/
SUSE CVE CVE-2015-0778 page

Описание

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 11 SP3:osc-0.152.0-6.2

SUSE Linux Enterprise Software Development Kit 11 SP4:osc-0.152.0-6.2

Ссылки

https://www.suse.com/security/cve/CVE-2015-0778.html
CVE-2015-0778
https://bugzilla.suse.com/901643
SUSE Bug 901643