EUVD-2014-0624

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-9274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific...

SUSE CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

Code injection

The setversion script as shipped with obs-service-setversion is a source validator for the Open Build Service OBS. In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server...

CVE-2014-0593

The CVE concerns obs-service-set_version, a script used as a source validator in the Open Build Service (OBS). In versions prior to 0.5.3-1.1 the set_version script did not properly sanitize user input, allowing code execution on the executing server. Public references in the connected documents ...

CVE-2014-0593 sed command injection

The setversion script as shipped with obs-service-setversion is a source validator for the Open Build Service OBS. In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server...

Micro Focus openSUSE obs-service-source_validator code execution vulnerability

Micro Focus openSUSE obs-service-sourcevalidator is a default source validator used by the Factory distribution from Micro Focus UK. A security vulnerability exists in Micro Focus openSUSE obs-service-sourcevalidator versions prior to 0.7. An attacker could exploit the vulnerability to execute co...

DEBIAN-CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

SUSE-SU-2018:0065-1 Fixing security issues on OBS toolchain

This OBS toolchain update fixes the following issues: Package 'build': - CVE-2017-14804: Improve file name check extractbuild bsc1069904 - Fixed Dockerfile repository parsing Package 'obs-service-sourcevalidator': - CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from a spec...

SUSE-SU-2017:3253-1 Fixing security issues on OBS toolchain

This OBS toolchain update fixes the following issues: Package 'build': - CVE-2010-4226: force use of bsdtar for VMs bnc665768 - CVE-2017-14804: Improve file name check extractbuild bsc1069904 - switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit to foo-32bit-debuginfo fate32321...