Upstream information
Description
osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.SUSE information
SUSE Bugzilla entry: 901643 [RESOLVED] SUSE Security Advisories:- SUSE-SU-2015:0487-1, published Thu, 12 Mar 2015 21:05:26 +0100 (CET)
- SUSE-SU-2015:1361-1, published Fri Aug 7 06:10:24 MDT 2015
- openSUSE-SU-2015:0486-1, published Thu, 12 Mar 2015 21:05:07 +0100 (CET)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Module for Legacy Software 15 |
| Patchnames: SUSE Linux Enterprise Module for Legacy Software 15 GA osc |
| SUSE Linux Enterprise Software Development Kit 11 SP3 |
| Patchnames: sdksp3-osc-12020 |
| SUSE Linux Enterprise Software Development Kit 11 SP4 |
| Patchnames: sdksp4-osc-12020 |
| SUSE Linux Enterprise Software Development Kit 12 |
| Patchnames: SUSE-SLE-SDK-12-2015-119 |
| SUSE Linux Enterprise Software Development Kit 12 SP1 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA osc |
| SUSE Linux Enterprise Software Development Kit 12 SP2 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP2 GA osc |
| SUSE Linux Enterprise Software Development Kit 12 SP3 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP3 GA osc |
| openSUSE 13.1 |
| Patchnames: openSUSE-2015-224 |
| openSUSE Leap 42.1 |
| Patchnames: openSUSE Leap 42.1 GA osc |
| openSUSE Leap 42.2 |
| Patchnames: openSUSE Leap 42.2 GA osc |
| openSUSE Leap 42.3 |
| Patchnames: openSUSE Leap 42.3 GA osc |
| openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA osc |
