[opensuse-buildservice] OBS & osc security updates
Just to ruin your friday, we released a number of new versions of OBS server and osc client. All of them are fixing a security issue, allowing to run arbitrary commands on your server or your workstation when working with crafted _service files by an evil mind. This is tracked as CVE-2015-0778 . Please update to the following versions to fix this: For the client: osc 0.151.0 For the server either to: OBS 2.6.1 OBS 2.5.6 OBS 2.4.7 Official maintenance updates for affected (open)SUSE products are on the way. Beside of this fix, there are some more fixes which will be posted in seperated mails. have a nice friday nevertheless PS: sorry for that, it is not a design issue, but a coding problem what the stupid author(me) really should know better since a long time :/ PPS: Many thanks to Ludwig Nussel for pointing me to it and fixing osc! -- Adrian Schroeter email: adrian@suse.de SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
participants (1)
-
Adrian Schröter