Hi, please note that there is a security issue inside of bsdtar/libarchive. This is the tool which we use to prepare builds inside of any environemnt (chroot, kvm, ...). Special crafted binary packages allow an attacker to replace any file on your worker host system. Please update bsdtar and libarchive packages on your workers. You find fixed versions of them inside of the following projects: OBS:Server:2.6 OBS:Server:2.5 OBS:Server:2.4 OBS:Server:Unstable The issue is public already. bye adrian -- Adrian Schroeter email: adrian@suse.de SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org