openSUSE Security Update: Security update for obs-service-download_files, obs-service-extract_file, obs-service-recompress, obs-service-source_validator, obs-service-verify_file ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:0521-1 Rating: important References: Affected Products: openSUSE Leap 42.1 openSUSE 13.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for a number of source services fixes the following issues: - boo#967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system The following source services are affected - obs-service-source_validator - obs-service-extract_file - obs-service-download_files - obs-service-recompress - obs-service-verify_file Also contains all bug fixes and improvements from the openSUSE:Tools versions. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-247=1 - openSUSE 13.2: zypper in -t patch openSUSE-2016-247=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (noarch): obs-service-download_files-0.5.1.git.1455712026.9c0a4a0-6.1 obs-service-extract_file-0.3-5.1 obs-service-recompress-0.3.1+git20160217.7897d3f-7.1 obs-service-source_validator-0.6+git20160218.73d6618-5.1 obs-service-verify_file-0.1.1-20.1 - openSUSE 13.2 (noarch): obs-service-download_files-0.5.1.git.1455712026.9c0a4a0-2.6.1 obs-service-extract_file-0.3-3.1 obs-service-recompress-0.3.1+git20160217.7897d3f-3.3.1 obs-service-source_validator-0.6+git20160218.73d6618-3.1 obs-service-verify_file-0.1.1-12.3.1 References: -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org