OPENSUSE-SU-2024:10108-1 obs-service-set_version-0.5.3-4.2 on GA media

These are all security issues fixed in the obs-service-setversion-0.5.3-4.2 package on the GA media of openSUSE Tumbleweed...

obs-service-set_version command execution vulnerability

obs-service-setversion is a code source validator used in the Open Build Service OBS. A security vulnerability exists in the setversion script in obs-service-setversion prior to version 0.5.3-1.1, which stems from the program failing to properly filter user-submitted input. An attacker can exploi...

CVE-2014-0593

The setversion script as shipped with obs-service-setversion is a source validator for the Open Build Service OBS. In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server...

Code injection

The setversion script as shipped with obs-service-setversion is a source validator for the Open Build Service OBS. In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server...

CVE-2014-0593 sed command injection

The setversion script as shipped with obs-service-setversion is a source validator for the Open Build Service OBS. In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server...