SUSE-SU-2016:1839-1

Опубликовано: 20 июл. 2016

Источник: suse-cvrf

Описание

Security update for obs-service-source_validator

This update for obs-service-source_validator to version 0.6+git20160531.fbfe336 fixes one security issue.

This security issue was fixed:

CVE-2016-4007: harden source services against code/parameter injection (bsc#967265)

This non-security issue was fixed:

bsc#967610: Several occurrences of uninitialized value

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP1

obs-service-source_validator-0.6+git20160531.fbfe336-5.3

Ссылки

https://www.suse.com/support/update/announcement/2016/suse-su-20161839-1/
Link for SUSE-SU-2016:1839-1
https://lists.suse.com/pipermail/sle-security-updates/2016-July/002162.html
E-Mail link for SUSE-SU-2016:1839-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/967265
SUSE Bug 967265
https://bugzilla.suse.com/967610
SUSE Bug 967610
https://www.suse.com/security/cve/CVE-2016-4007/
SUSE CVE CVE-2016-4007 page

Описание

Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 12 SP1:obs-service-source_validator-0.6+git20160531.fbfe336-5.3

Ссылки

https://www.suse.com/security/cve/CVE-2016-4007.html
CVE-2016-4007
https://bugzilla.suse.com/967265
SUSE Bug 967265

SUSE-SU-2016:1839-1

Описание

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP1

Ссылки

Уязвимость: CVE-2016-4007

Описание

Затронутые продукты

Ссылки