openSUSE Security Update : obs-service-download_files / obs-service-extract_file / obs-service-recompress / etc (openSUSE-2016-247)

High Nessus Plugin ID 88922


The remote openSUSE host is missing a security update.


This update for a number of source services fixes the following issues :

- boo#967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system

The following source services are affected

- obs-service-source_validator

- obs-service-extract_file

- obs-service-download_files

- obs-service-recompress

- obs-service-verify_file

Also contains all bug fixes and improvements from the openSUSE:Tools versions.


Update the affected obs-service-download_files / obs-service-extract_file / obs-service-recompress / etc packages.

Plugin Details

Severity: High

ID: 88922

File Name: openSUSE-2016-247.nasl

Version: $Revision: 2.1 $

Type: local

Agent: unix

Published: 2016/02/24

Modified: 2016/02/24

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:obs-service-download_files, p-cpe:/a:novell:opensuse:obs-service-extract_file, p-cpe:/a:novell:opensuse:obs-service-recompress, p-cpe:/a:novell:opensuse:obs-service-source_validator, p-cpe:/a:novell:opensuse:obs-service-verify_file, cpe:/o:novell:opensuse:13.2, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2016/02/20