Hi OBS Admins,
there was an unexpected feature to many in the "patch" util, which
could be used to execute scripts.
So your OBS instance is affected by that as well, since there is an
old feature which allows to apply patches via _link files.
So it was possible to execute code on your source server via ed-script
Please be sure that you installed the latest distributions updates
CVE-2018-1000156 (bsc#1088420, savannah#53566)
for the "patch" utils.
They should be out for all SUSE platforms.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org
Show replies by date