Posted: Sun Mar 06, 2016 9:26 pm Post subject: [ glsa 201603-02 ] osc
Gentoo Linux Security Advisory
Title: OSC: Shell command injection (GLSA 201603-02)
Severity: normal
Exploitable: remote
Date: March 06, 2016
Bug(s): #553606
ID: 201603-02
Synopsis
OSC is vulnerable to the remote execution of arbitrary code.
Background
OSC is the command line tool and API for the Open Build Service.
Affected Packages
Package: dev-util/osc
Vulnerable: < 0.152.0
Unaffected: >= 0.152.0
Architectures: All supported architectures
Description
A vulnerability has been discovered that may allow remote attackers to
execute arbitrary commands via shell metacharacters in a _service file.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process.
Workaround
There is no known workaround at this time.
Resolution
All OSC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/osc-0.152.0"
References
CVE-2015-0778
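
Added example, not part of the advisory or of osc: a Python pre-check that reports whether an installed version falls in the affected range above and flags shell metacharacters in a _service file before osc processes an untrusted checkout. The services/service/param XML layout, the metacharacter set and the sample documents are assumptions of this example; the advisory does not say which field reached the shell, so every name and value is checked.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (0, 152, 0)  # first unaffected dev-util/osc version per the advisory
# Characters that can start or chain commands in a POSIX shell (this example's choice).
SHELL_META = re.compile(r"[;&|`$<>()\\\n\r]")

# Constructed sample inputs, not taken from any real package.
BENIGN = """<services>
  <service name="download_url">
    <param name="host">example.org</param>
    <param name="path">/pkg/pkg-1.0.tar.gz</param>
  </service>
</services>"""
SUSPICIOUS = """<services>
  <service name="download_url">
    <param name="path">/pkg/a.tar.gz; echo constructed</param>
  </service>
</services>"""


def is_vulnerable(version):
    """True if a dotted numeric osc version string is older than 0.152.0."""
    parts = [int(p) for p in version.split(".")]
    parts += [0] * (len(FIXED) - len(parts))  # pad "0.152" to (0, 152, 0)
    return tuple(parts) < FIXED


def find_shell_metachars(service_xml):
    """Return (service, field, value) for every name or value with shell metacharacters."""
    if "<!DOCTYPE" in service_xml:
        raise ValueError("DTD in _service file; refusing to parse")
    findings = []
    for svc in ET.fromstring(service_xml).iter("service"):
        sname = svc.get("name", "")
        if SHELL_META.search(sname):
            findings.append((sname, "service@name", sname))
        for param in svc.iter("param"):
            pname, value = param.get("name", ""), param.text or ""
            if SHELL_META.search(pname):
                findings.append((sname, "param@name", pname))
            if SHELL_META.search(value):
                findings.append((sname, "param:" + pname, value))
    return findings


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, find_shell_metachars(doc))
```

A finding is a prompt for manual review, not proof of malice; upgrading to an unaffected version remains the resolution.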