CVE-2015-0778

Upstream information

CVE-2015-0778 at MITRE

Description

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

---

SUSE information

SUSE Bugzilla entry: 901643 [RESOLVED]

SUSE Security Advisories:

• SUSE-SU-2015:0487-1, published Thu, 12 Mar 2015 21:05:26 +0100 (CET)
• SUSE-SU-2015:1361-1, published Fri Aug 7 06:10:24 MDT 2015
• openSUSE-SU-2015:0486-1, published Thu, 12 Mar 2015 21:05:07 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Module for Development Tools 15 SP1	osc >= 0.165.0-1.3
SUSE Linux Enterprise Module for Development Tools 15 SP2	osc >= 0.168.2-3.15.1
SUSE Linux Enterprise Module for Legacy Software 15	osc >= 0.162.1-1.30
SUSE Linux Enterprise Software Development Kit 11 SP3	osc >= 0.152.0-6.2	Patchnames: sdksp3-osc-12020
SUSE Linux Enterprise Software Development Kit 11 SP4	osc >= 0.152.0-6.2	Patchnames: sdksp4-osc-12020
SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2	osc >= 0.152.0-11.1
SUSE Linux Enterprise Software Development Kit 12 SP3	osc >= 0.158.0-14.1
SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP5	osc >= 0.162.1-15.6.1
SUSE Linux Enterprise Software Development Kit 12	osc >= 0.151.0-8.1	Patchnames: SUSE-SLE-SDK-12-2015-119
openSUSE 13.1	osc >= 0.151.0-2.24.1	Patchnames: openSUSE-2015-224
openSUSE Leap 42.1	osc >= 0.152.0-3.2	Patchnames: openSUSE Leap 42.1 GA osc
openSUSE Leap 42.2	osc >= 0.155.0-6.1	Patchnames: openSUSE Leap 42.2 GA osc
openSUSE Leap 42.3	osc >= 0.158.0-8.1	Patchnames: openSUSE Leap 42.3 GA osc
openSUSE Tumbleweed	osc >= 0.155.1-2.1	Patchnames: openSUSE Tumbleweed GA osc