{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2018-12473","title":"Title"},{"category":"description","text":"A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2018-12473","url":"https://www.suse.com/security/cve/CVE-2018-12473"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1105361 for CVE-2018-12473","url":"https://bugzilla.suse.com/1105361"},{"category":"external","summary":"Advisory link for SUSE-RU-2019:0880-1","url":"https://lists.suse.com/pipermail/sle-updates/2019-April/011150.html"},{"category":"external","summary":"Advisory link for SUSE-SU-2019:0540-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2019-March/005169.html"},{"category":"external","summary":"Advisory link for openSUSE-SU-2019:0326-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/24JIOIQBREAYJ3BG7I4ULI6HBEJZRTP6/#24JIOIQBREAYJ3BG7I4ULI6HBEJZRTP6"},{"category":"external","summary":"Advisory link for openSUSE-SU-2019:0329-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SKGGMO3NGZX2ZLQDMAHVVJX4HZMC2X3E/#SKGGMO3NGZX2ZLQDMAHVVJX4HZMC2X3E"}],"title":"SUSE CVE CVE-2018-12473","tracking":{"current_release_date":"2025-10-07T09:53:18Z","generator":{"date":"2023-02-15T04:26:27Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2018-12473","initial_release_date":"2023-02-15T04:26:27Z","revision_history":[{"date":"2023-02-15T04:26:27Z","number":"2","summary":"Current version"},{"date":"2023-12-08T04:11:14Z","number":"3","summary":"Current version"},{"date":"2023-12-09T02:56:04Z","number":"4","summary":"Current version"},{"date":"2024-02-21T04:22:01Z","number":"5","summary":"Current version"},{"date":"2025-01-01T07:35:40Z","number":"6","summary":"Current version"},{"date":"2025-02-18T07:03:45Z","number":"7","summary":"Current version"},{"date":"2025-03-15T12:04:01Z","number":"8","summary":"Current version"},{"date":"2025-04-25T06:59:14Z","number":"9","summary":"Current version"},{"date":"2025-10-07T09:53:18Z","number":"10","summary":"Current version"}],"status":"interim","version":"10"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP5","product":{"name":"SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Software Development Kit 12 SP5","product":{"name":"SUSE Linux Enterprise Software Development Kit 12 SP5","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sle-sdk:12:sp5"}}},{"category":"product_name","name":"SUSE Package Hub 15","product":{"name":"SUSE Package Hub 15","product_id":"SUSE Package Hub 15"}},{"category":"product_name","name":"openSUSE Leap 15.0","product":{"name":"openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.0"}}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"obs-service-appimage-0.10.28.1632141620.a8837d3-1.1","product":{"name":"obs-service-appimage-0.10.28.1632141620.a8837d3-1.1","product_id":"obs-service-appimage-0.10.28.1632141620.a8837d3-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-appimage@0.10.28.1632141620.a8837d3-1.1?upstream=obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1.src.rpm"}}},{"category":"product_version","name":"obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1","product":{"name":"obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1","product_id":"obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-appimage@0.10.5.1551309990.79898c7-bp150.3.3.1?upstream=obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1","product":{"name":"obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1","product_id":"obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-appimage@0.10.5.1551309990.79898c7-lp150.2.3.1?upstream=obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","product":{"name":"obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","product_id":"obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-appimage@0.10.6.1551887937.e42c270-1.3.1?upstream=obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1","product":{"name":"obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1","product_id":"obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-obs_scm@0.10.28.1632141620.a8837d3-1.1?upstream=obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1.src.rpm"}}},{"category":"product_version","name":"obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","product":{"name":"obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","product_id":"obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-obs_scm@0.10.5.1551309990.79898c7-bp150.3.3.1?upstream=obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","product":{"name":"obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","product_id":"obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-obs_scm@0.10.5.1551309990.79898c7-lp150.2.3.1?upstream=obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","product":{"name":"obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","product_id":"obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-obs_scm@0.10.6.1551887937.e42c270-1.3.1?upstream=obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1","product":{"name":"obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1","product_id":"obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-obs_scm-common@0.10.28.1632141620.a8837d3-1.1?upstream=obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1.src.rpm"}}},{"category":"product_version","name":"obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1","product":{"name":"obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1","product_id":"obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-obs_scm-common@0.10.5.1551309990.79898c7-bp150.3.3.1?upstream=obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1","product":{"name":"obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1","product_id":"obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-obs_scm-common@0.10.5.1551309990.79898c7-lp150.2.3.1?upstream=obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","product":{"name":"obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","product_id":"obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-obs_scm-common@0.10.6.1551887937.e42c270-1.3.1?upstream=obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1","product":{"name":"obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1","product_id":"obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-snapcraft@0.10.28.1632141620.a8837d3-1.1?upstream=obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1.src.rpm"}}},{"category":"product_version","name":"obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1","product":{"name":"obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1","product_id":"obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-snapcraft@0.10.5.1551309990.79898c7-bp150.3.3.1?upstream=obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1","product":{"name":"obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1","product_id":"obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-snapcraft@0.10.5.1551309990.79898c7-lp150.2.3.1?upstream=obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","product":{"name":"obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","product_id":"obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-snapcraft@0.10.6.1551887937.e42c270-1.3.1?upstream=obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-tar-0.10.28.1632141620.a8837d3-1.1","product":{"name":"obs-service-tar-0.10.28.1632141620.a8837d3-1.1","product_id":"obs-service-tar-0.10.28.1632141620.a8837d3-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-tar@0.10.28.1632141620.a8837d3-1.1?upstream=obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1.src.rpm"}}},{"category":"product_version","name":"obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1","product":{"name":"obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1","product_id":"obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-tar@0.10.5.1551309990.79898c7-bp150.3.3.1?upstream=obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1","product":{"name":"obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1","product_id":"obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-tar@0.10.5.1551309990.79898c7-lp150.2.3.1?upstream=obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","product":{"name":"obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","product_id":"obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-tar@0.10.6.1551887937.e42c270-1.3.1?upstream=obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1","product":{"name":"obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1","product_id":"obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-tar_scm@0.10.28.1632141620.a8837d3-1.1?upstream=obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1.src.rpm"}}},{"category":"product_version","name":"obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","product":{"name":"obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","product_id":"obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-tar_scm@0.10.5.1551309990.79898c7-bp150.3.3.1?upstream=obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","product":{"name":"obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","product_id":"obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-tar_scm@0.10.5.1551309990.79898c7-lp150.2.3.1?upstream=obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1.src.rpm"}}},{"category":"product_version","name":"obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","product":{"name":"obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","product_id":"obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","product_identification_helper":{"purl":"pkg:rpm/suse/obs-service-tar_scm@0.10.6.1551887937.e42c270-1.3.1?upstream=obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Software Development Kit 12 SP5","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Software Development Kit 12 SP5","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Software Development Kit 12 SP5","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Software Development Kit 12 SP5","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Software Development Kit 12 SP5","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 as component of SUSE Linux Enterprise Software Development Kit 12 SP5","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1"},"product_reference":"obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1 as component of SUSE Package Hub 15","product_id":"SUSE Package Hub 15:obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1"},"product_reference":"obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1","relates_to_product_reference":"SUSE Package Hub 15"},{"category":"default_component_of","full_product_name":{"name":"obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 as component of SUSE Package Hub 15","product_id":"SUSE Package Hub 15:obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1"},"product_reference":"obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","relates_to_product_reference":"SUSE Package Hub 15"},{"category":"default_component_of","full_product_name":{"name":"obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1 as component of SUSE Package Hub 15","product_id":"SUSE Package Hub 15:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1"},"product_reference":"obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1","relates_to_product_reference":"SUSE Package Hub 15"},{"category":"default_component_of","full_product_name":{"name":"obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1 as component of SUSE Package Hub 15","product_id":"SUSE Package Hub 15:obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1"},"product_reference":"obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1","relates_to_product_reference":"SUSE Package Hub 15"},{"category":"default_component_of","full_product_name":{"name":"obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1 as component of SUSE Package Hub 15","product_id":"SUSE Package Hub 15:obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1"},"product_reference":"obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1","relates_to_product_reference":"SUSE Package Hub 15"},{"category":"default_component_of","full_product_name":{"name":"obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 as component of SUSE Package Hub 15","product_id":"SUSE Package Hub 15:obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1"},"product_reference":"obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","relates_to_product_reference":"SUSE Package Hub 15"},{"category":"default_component_of","full_product_name":{"name":"obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1"},"product_reference":"obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1"},"product_reference":"obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1"},"product_reference":"obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1"},"product_reference":"obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1"},"product_reference":"obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1"},"product_reference":"obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:obs-service-appimage-0.10.28.1632141620.a8837d3-1.1"},"product_reference":"obs-service-appimage-0.10.28.1632141620.a8837d3-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1"},"product_reference":"obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1"},"product_reference":"obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1"},"product_reference":"obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"obs-service-tar-0.10.28.1632141620.a8837d3-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:obs-service-tar-0.10.28.1632141620.a8837d3-1.1"},"product_reference":"obs-service-tar-0.10.28.1632141620.a8837d3-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1"},"product_reference":"obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1","relates_to_product_reference":"openSUSE Tumbleweed"}]},"vulnerabilities":[{"cve":"CVE-2018-12473","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-12473"}],"notes":[{"category":"general","text":"A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Package Hub 15:obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","openSUSE Leap 15.0:obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Tumbleweed:obs-service-appimage-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-tar-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1"]},"references":[{"category":"external","summary":"CVE-2018-12473","url":"https://www.suse.com/security/cve/CVE-2018-12473"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1105361 for CVE-2018-12473","url":"https://bugzilla.suse.com/1105361"},{"category":"external","summary":"Advisory link for SUSE-RU-2019:0880-1","url":"https://lists.suse.com/pipermail/sle-updates/2019-April/011150.html"},{"category":"external","summary":"Advisory link for SUSE-SU-2019:0540-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2019-March/005169.html"},{"category":"external","summary":"Advisory link for openSUSE-SU-2019:0326-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/24JIOIQBREAYJ3BG7I4ULI6HBEJZRTP6/#24JIOIQBREAYJ3BG7I4ULI6HBEJZRTP6"},{"category":"external","summary":"Advisory link for openSUSE-SU-2019:0329-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SKGGMO3NGZX2ZLQDMAHVVJX4HZMC2X3E/#SKGGMO3NGZX2ZLQDMAHVVJX4HZMC2X3E"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Package Hub 15:obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","openSUSE Leap 15.0:obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Tumbleweed:obs-service-appimage-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-tar-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.0"},"products":["SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Server for SAP Applications 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1","SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1","SUSE Package Hub 15:obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1","SUSE Package Hub 15:obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1","openSUSE Leap 15.0:obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Leap 15.0:obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1","openSUSE Tumbleweed:obs-service-appimage-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-tar-0.10.28.1632141620.a8837d3-1.1","openSUSE Tumbleweed:obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1"]}],"threats":[{"category":"impact","date":"2018-08-20T15:30:26Z","details":"important"}],"title":"CVE-2018-12473"}]}