Oval Definition:	oval:org.opensuse.security:def:201812476
Revision Date: 2022-09-01 Version: 1 Title: CVE-2018-12476 Description: Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. Family: unix Class: vulnerability Status: Reference(s): CVE-2018-12476 SUSE-SU-2019:0540-1 openSUSE-SU-2019:0326-1 openSUSE-SU-2019:0329-1 Mitre CVE-2018-12476 SUSE CVE-2018-12476 SUSE-SU-2019:0540-1 openSUSE-SU-2019:0326-1 openSUSE-SU-2019:0329-1 Platform(s): openSUSE Leap 15.0 openSUSE Tumbleweed SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Package Hub for SUSE Linux Enterprise 15 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3 is installed AND obs-service-appimage is signed with openSUSE key OR obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3 is installed AND obs-service-obs_scm is signed with openSUSE key OR obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3 is installed AND obs-service-obs_scm-common is signed with openSUSE key OR obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3 is installed AND obs-service-snapcraft is signed with openSUSE key OR obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3 is installed AND obs-service-tar is signed with openSUSE key OR obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3 is installed AND obs-service-tar_scm is signed with openSUSE key Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND Package Information obs-service-appimage-0.10.5.1551309990.79898c7-3.3 is installed OR obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3 is installed OR obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3 is installed OR obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3 is installed OR obs-service-tar-0.10.5.1551309990.79898c7-3.3 is installed OR obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3 is installed Definition Synopsis Release Information SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND obs-service-appimage-0.10.5.1551309990.79898c7-3.3 is installed OR obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3 is installed OR obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3 is installed OR obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3 is installed OR obs-service-tar-0.10.5.1551309990.79898c7-3.3 is installed OR obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3 is installed OR Package Information SUSE Package Hub for SUSE Linux Enterprise 15 is installed AND obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3 is installed OR obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3 is installed OR obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3 is installed OR obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3 is installed OR obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3 is installed OR obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP5 is installed AND Package Information obs-service-appimage-0.10.6.1551887937.e42c270-1.3 is installed OR obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3 is installed OR obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3 is installed OR obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3 is installed OR obs-service-tar-0.10.6.1551887937.e42c270-1.3 is installed OR obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3 is installed Definition Synopsis openSUSE Tumbleweed is installed AND Package Information obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 is installed OR obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1 is installed OR obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1 is installed OR obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1 is installed OR obs-service-tar-0.10.28.1632141620.a8837d3-1.1 is installed OR obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1 is installed Definition Synopsis SUSE Package Hub for SUSE Linux Enterprise 15 is installed AND Package Information obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1 is installed OR obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 is installed OR obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1 is installed OR obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1 is installed OR obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1 is installed OR obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed OR SUSE Linux Enterprise Software Development Kit 12 SP5 is installed AND Package Information obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 is installed OR obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 is installed OR obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 is installed OR obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 is installed OR obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 is installed OR obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 is installed
BACK