CVE-2016-4007 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-4007 Interim 1 18 2023-12-09T01:18:10Z current 2021-05-30T13:41:05Z 2023-12-09T01:18:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-4007 Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options." The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2016-July/002162.html E-Mail link for SUSE-SU-2016:1839-1 https://lists.suse.com/pipermail/sle-security-updates/2018-January/003585.html E-Mail link for SUSE-SU-2018:0065-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VIZKZNO5F3UVCPCEHMWZB54M4LMO3KJ5/#VIZKZNO5F3UVCPCEHMWZB54M4LMO3KJ5 E-Mail link for openSUSE-SU-2016:1659-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XYTNJJ243NLI4T7TMJDJF4KHIEHIOT6P/#XYTNJJ243NLI4T7TMJDJF4KHIEHIOT6P E-Mail link for openSUSE-SU-2016:1660-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP5 build-20171128-8.3.3 obs-service-source_validator-0.6+git20160531.fbfe336-5.3 osc-0.162.1-7.4.1 build-20171128-8.3.3 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 osc-0.162.1-7.4.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 obs-service-source_validator-0.6+git20160531.fbfe336-5.3 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 obs-service-source_validator-0.6+git20160531.fbfe336-5.3 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options." CVE-2016-4007 SUSE Linux Enterprise Software Development Kit 11 SP4:build-20171128-8.3.3 SUSE Linux Enterprise Software Development Kit 11 SP4:osc-0.162.1-7.4.1 SUSE Linux Enterprise Software Development Kit 12 SP1:obs-service-source_validator-0.6+git20160531.fbfe336-5.3 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-source_validator-0.6+git20160531.fbfe336-5.3 moderate 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H