Mailinglist Archive: opensuse-buildservice (63 mails)

< Previous Next >
[opensuse-buildservice] OBS Admin Heads Up CVE-2018-1000156
Hi OBS Admins,

there was an unexpected feature to many in the "patch" util, which
could be used to execute scripts.

So your OBS instance is affected by that as well, since there is an
old feature which allows to apply patches via _link files.

So it was possible to execute code on your source server via ed-script
crafted patches.

Please be sure that you installed the latest distributions updates
for

CVE-2018-1000156 (bsc#1088420, savannah#53566)

for the "patch" utils.

They should be out for all SUSE platforms.

bye
adrian

--

Adrian Schroeter
email: adrian@xxxxxxx

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284
(AG Nürnberg)

Maxfeldstraße 5
90409 Nürnberg
Germany




--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
This Thread
  • No further messages