Posted: Sun Mar 06, 2016 9:26 pm Post subject: [ glsa 201603-02 ] osc
Gentoo Linux Security Advisory
Title: OSC: Shell command injection (GLSA 201603-02)
Date: March 06, 2016
OSC is vulnerable to the remote execution of arbitrary code.
OSC is the command line tool and API for the Open Build Service.
Vulnerable: < 0.152.0
Unaffected: >= 0.152.0
Architectures: All supported architectures
A vulnerability has been discovered that may allow remote attackers to
execute arbitrary commands via shell metacharacters in a _service file.
A remote attacker could possibly execute arbitrary code with the
privileges of the process.
There is no known workaround at this time.
All OSC users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/osc-0.152.0"
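
For reviewing _service files on hosts that cannot be upgraded immediately, the following added example (not part of the advisory and not osc's own code) flags shell metacharacters in a _service file and shows an argument-vector invocation that no shell parses. The XML layout of the sample, the `--param value` calling convention, the `/srv/services` directory and all function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Characters a POSIX shell interprets; conservative set chosen for this example.
SHELL_META = re.compile(r"[;&|`$<>(){}\\'\"\n]")
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")

# Constructed sample; the element layout is an assumption, not taken from the advisory.
SAMPLE = """<services>
  <service name="download_url">
    <param name="host">example.org</param>
    <param name="path">/src/pkg-1.0.tar.gz</param>
  </service>
  <service name="set_version">
    <param name="version">1.0; echo injected</param>
  </service>
</services>"""

def parse_services(xml_text):
    """Return [(service_name, [(param_name, value), ...]), ...]."""
    root = ET.fromstring(xml_text)  # for hostile XML, a hardened parser such as defusedxml is preferable
    return [(s.get("name", ""),
             [(p.get("name", ""), p.text or "") for p in s.iter("param")])
            for s in root.iter("service")]

def audit(xml_text):
    """List (service, field, value) triples whose value contains shell metacharacters."""
    findings = []
    for name, params in parse_services(xml_text):
        fields = [("name", name)] + [(f"param:{k}", v) for k, v in params]
        findings += [(name, f, v) for f, v in fields if SHELL_META.search(v)]
        findings += [(name, "param-name", k) for k, _ in params if SHELL_META.search(k)]
    return findings

def build_argv(service_dir, name, params):
    """Build an argument vector for subprocess.run(argv); no shell parses it."""
    for ident in [name] + [k for k, _ in params]:
        if not SAFE_NAME.fullmatch(ident):
            raise ValueError(f"refusing unsafe identifier: {ident!r}")
    argv = [f"{service_dir}/{name}"]
    for key, value in params:
        argv += [f"--{key}", value]  # value stays one argument, whatever it contains
    return argv

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("suspicious:", finding)
    for name, params in parse_services(SAMPLE):
        print(build_argv("/srv/services", name, params))
```

A finding from `audit` is a prompt to inspect the file, not proof of an attack; legitimate values such as URLs with query strings also contain some of these characters.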