Hi OBS Admins, there was an unexpected feature to many in the "patch" util, which could be used to execute scripts. So your OBS instance is affected by that as well, since there is an old feature which allows to apply patches via _link files. So it was possible to execute code on your source server via ed-script crafted patches. Please be sure that you installed the latest distributions updates for CVE-2018-1000156 (bsc#1088420, savannah#53566) for the "patch" utils. They should be out for all SUSE platforms. bye adrian -- Adrian Schroeter email: adrian@suse.de SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org