openSUSE-SU-2016:1660-1

Опубликовано: 22 июн. 2016

Источник: suse-cvrf

Описание

Security update for obs-service-source_validator

obs-service-source_validator was updated to fix one security issue.

This security issue was fixed:

CVE-2016-4007: Several maintained source services are vulnerable to code/paramter injection (bsc#967265).

This non-security issue was fixed:

bsc#967610: Several occurrences of uninitialized value.

Список пакетов

openSUSE Leap 42.1

obs-service-source_validator-0.6+git20160531.fbfe336-11.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00050.html
E-Mail link for openSUSE-SU-2016:1660-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."

Затронутые продукты

openSUSE Leap 42.1:obs-service-source_validator-0.6+git20160531.fbfe336-11.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-4007.html
CVE-2016-4007
https://bugzilla.suse.com/967265
SUSE Bug 967265

openSUSE-SU-2016:1660-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-4007

Описание

Затронутые продукты

Ссылки