Security update for obs-service-download_files, obs-service-extract_file, obs-service-recompress, obs-service-source_validator, obs-service-verify_file (important)

ID OPENSUSE-SU-2016:0521-1
Type suse
Reporter Suse
Modified 2016-02-20T13:11:58


This update for a number of source services fixes the following issues:

  • boo#967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system

The following source services are affected

  • obs-service-source_validator
  • obs-service-extract_file
  • obs-service-download_files
  • obs-service-recompress
  • obs-service-verify_file

Also contains all bug fixes and improvements from the openSUSE:Tools versions.