openSUSE Security Update : obs-service-download_files / obs-service-extract_file / obs-service-recompress / etc (openSUSE-2016-247)

high Nessus Plugin ID 88922

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for a number of source services fixes the following issues :

- boo#967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system

The following source services are affected

- obs-service-source_validator

- obs-service-extract_file

- obs-service-download_files

- obs-service-recompress

- obs-service-verify_file

Also contains all bug fixes and improvements from the openSUSE:Tools versions.

Solution

Update the affected obs-service-download_files / obs-service-extract_file / obs-service-recompress / etc packages.

Plugin Details

Severity: High

ID: 88922

File Name: openSUSE-2016-247.nasl

Version: 2.3

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 2/24/2016

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:obs-service-download_files, p-cpe:/a:novell:opensuse:obs-service-extract_file, p-cpe:/a:novell:opensuse:obs-service-recompress, p-cpe:/a:novell:opensuse:obs-service-source_validator, p-cpe:/a:novell:opensuse:obs-service-verify_file, cpe:/o:novell:opensuse:13.2, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2/20/2016

Detections

Analytics