Upstream information

CVE-2015-0778 at MITRE

Description

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

SUSE information

SUSE Bugzilla entry: 901643 [RESOLVED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Module for Legacy Software 15
  • osc >= 0.162.1-1.30
Patchnames:
SUSE Linux Enterprise Module for Legacy Software 15 GA osc
SUSE Linux Enterprise Software Development Kit 11 SP3
  • osc >= 0.152.0-6.2
Patchnames:
sdksp3-osc-12020
SUSE Linux Enterprise Software Development Kit 11 SP4
  • osc >= 0.152.0-6.2
Patchnames:
sdksp4-osc-12020
SUSE Linux Enterprise Software Development Kit 12
  • osc >= 0.151.0-8.1
Patchnames:
SUSE-SLE-SDK-12-2015-119
SUSE Linux Enterprise Software Development Kit 12 SP1
  • osc >= 0.152.0-11.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA osc
SUSE Linux Enterprise Software Development Kit 12 SP2
  • osc >= 0.152.0-11.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA osc
SUSE Linux Enterprise Software Development Kit 12 SP3
  • osc >= 0.158.0-14.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA osc
openSUSE 13.1
  • osc >= 0.151.0-2.24.1
Patchnames:
openSUSE-2015-224
openSUSE Leap 42.1
  • osc >= 0.152.0-3.2
Patchnames:
openSUSE Leap 42.1 GA osc
openSUSE Leap 42.2
  • osc >= 0.155.0-6.1
Patchnames:
openSUSE Leap 42.2 GA osc
openSUSE Leap 42.3
  • osc >= 0.158.0-8.1
Patchnames:
openSUSE Leap 42.3 GA osc
openSUSE Tumbleweed
  • osc >= 0.155.1-2.1
Patchnames:
openSUSE Tumbleweed GA osc