Security update for obs-service-source_validator
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2016:1659-1
Final
1
1
2016-06-22T12:06:52Z
current
2016-06-22T12:06:52Z
2016-06-22T12:06:52Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for obs-service-source_validator
obs-service-source_validator was updated to fix one security issue.
This security issue was fixed:
- CVE-2016-4007: Several maintained source services are vulnerable to code/parameter injection (bsc#967265).
This non-security issue was fixed:
- bsc#967610: Several occurrences of uninitialized value.
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00049.html
E-Mail link for openSUSE-SU-2016:1659-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE 13.2
obs-service-source_validator-0.6+git20160531.fbfe336-9.1
obs-service-source_validator-0.6+git20160531.fbfe336-9.1 as a component of openSUSE 13.2
Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."
CVE-2016-4007
openSUSE 13.2:obs-service-source_validator-0.6+git20160531.fbfe336-9.1
important
6.5
AV:L/AC:M/Au:S/C:C/I:C/A:C
Please install the update.
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00049.html
https://www.suse.com/security/cve/CVE-2016-4007.html
CVE-2016-4007
https://bugzilla.suse.com/967265
SUSE Bug 967265