First published: Tue Feb 28 2012
A security flaw was found in the way osc, the Python-based command-line client for the openSUSE Build Service, displayed build logs and build status for a particular build. A rogue repository server could use this flaw to modify the window's title, or possibly execute arbitrary commands or overwrite files, via a specially crafted build log or build status output containing an escape sequence for a terminal emulator. References: [1] https://bugzilla.novell.com/show_bug.cgi?id=749335
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
openSUSE | <=0.133 | |
openSUSE | =11.4 | |
openSUSE | =12.1 | |
CVE-2012-1095 is considered a moderate severity vulnerability due to the risk of arbitrary command execution.
To fix CVE-2012-1095, update the osc package to version 0.134 or later.
The affected software versions for CVE-2012-1095 include openSUSE osc versions up to 0.133, and openSUSE 11.4 and 12.1.
CVE-2012-1095 can be exploited by a rogue repository server to modify window titles or execute arbitrary commands.
Yes, CVE-2012-1095 affects the openSUSE operating system.
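The flaw described above comes from writing server-supplied text to the terminal unfiltered. The following added example (not osc's own code or its actual patch; all function names and the sample log are constructed for illustration) shows one way a client can report and neutralise terminal control characters in untrusted build output before printing it:

```python
import re

# Control characters that a terminal emulator may interpret: C0 (except
# tab and newline), DEL, and the C1 range (U+0080-U+009F, which includes
# the single-character CSI and OSC introducers).
_CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")

# Recognisers used only for reporting what was found in the input.
_SEQUENCES = [
    ("OSC (e.g. window title)",
     re.compile(r"(?:\x1b\]|\x9d)[^\x07\x1b]*(?:\x07|\x1b\\)?")),
    ("CSI (cursor/colour)",
     re.compile(r"(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~]")),
]

def decode_untrusted(data: bytes) -> str:
    """Decode server-supplied bytes; invalid UTF-8 becomes U+FFFD."""
    return data.decode("utf-8", errors="replace").replace("\r\n", "\n")

def find_sequences(text: str):
    """Return sorted (offset, kind) pairs for recognised escape sequences."""
    hits = [(m.start(), kind)
            for kind, rx in _SEQUENCES for m in rx.finditer(text)]
    return sorted(hits)

def sanitize_for_terminal(text: str) -> str:
    """Replace every control character with a visible \\xNN escape."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)

# Constructed sample: build log lines carrying a title-setting sequence
# and a colour sequence, as a remote server could send them.
SAMPLE_LOG = (b"[  12s] compiling foo.c\r\n"
              b"\x1b]0;constructed title\x07[  13s] \x1b[31mdone\x1b[0m\n")

if __name__ == "__main__":
    text = decode_untrusted(SAMPLE_LOG)
    for offset, kind in find_sequences(text):
        print("escape sequence at offset %d: %s" % (offset, kind))
    print(sanitize_for_terminal(text), end="")
```

Tab and newline pass through unchanged; a bare carriage return is escaped as well, since it can be used to overwrite text already shown on the line.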