Security update for obs-service-download_files, obs-service-extract_file, obs-service-recompress, obs-service-source_validator, obs-service-verify_file SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0521-1 Final 1 1 2016-02-20T08:40:39Z current 2016-02-20T08:40:39Z 2016-02-20T08:40:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for obs-service-download_files, obs-service-extract_file, obs-service-recompress, obs-service-source_validator, obs-service-verify_file This update for a number of source services fixes the following issues: - boo#967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system The following source services are affected - obs-service-source_validator - obs-service-extract_file - obs-service-download_files - obs-service-recompress - obs-service-verify_file Also contains all bug fixes and improvements from the openSUSE:Tools versions. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00046.html E-Mail link for openSUSE-SU-2016:0521-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 obs-service-download_files-0.5.1.git.1455712026.9c0a4a0-6.1 obs-service-extract_file-0.3-5.1 obs-service-recompress-0.3.1+git20160217.7897d3f-7.1 obs-service-source_validator-0.6+git20160218.73d6618-5.1 obs-service-verify_file-0.1.1-20.1 obs-service-download_files-0.5.1.git.1455712026.9c0a4a0-6.1 as a component of openSUSE Leap 42.1 obs-service-extract_file-0.3-5.1 as a component of openSUSE Leap 42.1 obs-service-recompress-0.3.1+git20160217.7897d3f-7.1 as a component of openSUSE Leap 42.1 obs-service-source_validator-0.6+git20160218.73d6618-5.1 as a component of openSUSE Leap 42.1 obs-service-verify_file-0.1.1-20.1 as a component of openSUSE Leap 42.1