8 matches found
K73455417: obs-service-extract_file package vulnerability CVE-2016-4007
Security Advisory Description Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal...
The vulnerabilities of the operating systems OpenSUSE Leap and openSUSE allow attackers to execute arbitrary commands.
The multiple vulnerabilities of the obs-service-extractfile package in OpenSUSE Leap and OpenSUSE are related to code errors. Exploiting these vulnerabilities allows a malicious actor to remotely execute arbitrary commands by manipulating the service involved in executing “invalid functions”...
Novell openSUSE Leap and openSUSE Arbitrary Command Execution Vulnerabilities
Novell openSUSE is a free Linux-based operating system. openSUSE Leap is a version of openSUSE. A security vulnerability in obs-service-extractfile in Novell openSUSE Leap and obs-service-extractfile in openSUSE allows local attackers to execute arbitrary commands...
CVE-2016-4007
Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."...
Design/Logic Flaw
Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."...
CVE-2016-4007
Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."...
CVE-2016-4007
CVE-2016-4007 affects the obs-service-extract_file package (and related source validator components) via code/parameter injection in service definitions (unzip with illegal options). Public advisories note the issue was fixed by OBS-related updates: openSUSE/SUSE security notices for obs-service-...
Security update for obs-service-download_files, obs-service-extract_file, obs-service-recompress, obs-service-source_validator, obs-service-verify_file (important)
This update for a number of source services fixes the following issues: - boo967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system The following source services are affected -...