openSUSE: 2016:0521-1: important: obs-service-download_files, obs-service-extract_file, obs-service-recompress, obs-service-source_validator, obs-service-verify_file
Description
This update for a number of source services fixes the following issues: - boo#967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system The following source services are affected - obs-service-source_validator - obs-service-extract_file - obs-service-download_files - obs-service-recompress - obs-service-verify_file Also contains all bug fixes and improvements from the openSUSE:Tools versions.
Patch
Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-247=1 - openSUSE 13.2: zypper in -t patch openSUSE-2016-247=1 To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.1 (noarch): obs-service-download_files-0.5.1.git.1455712026.9c0a4a0-6.1 obs-service-extract_file-0.3-5.1 obs-service-recompress-0.3.1+git20160217.7897d3f-7.1 obs-service-source_validator-0.6+git20160218.73d6618-5.1 obs-service-verify_file-0.1.1-20.1 - openSUSE 13.2 (noarch): obs-service-download_files-0.5.1.git.1455712026.9c0a4a0-2.6.1 obs-service-extract_file-0.3-3.1 obs-service-recompress-0.3.1+git20160217.7897d3f-3.3.1 obs-service-source_validator-0.6+git20160218.73d6618-3.1 obs-service-verify_file-0.1.1-12.3.1
References