SUSE-SU-2016:0796-1

Опубликовано: 16 мар. 2016

Источник: suse-cvrf

Описание

Security update for git

This update for git fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code (CVE-2016-2315, CVE-2016-2324, bsc#971328).

Список пакетов

SUSE Linux Enterprise Server 12

git-core-1.8.5.6-18.1

SUSE Linux Enterprise Server 12 SP1

git-core-1.8.5.6-18.1

SUSE Linux Enterprise Server for SAP Applications 12

git-core-1.8.5.6-18.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

git-core-1.8.5.6-18.1

SUSE Linux Enterprise Software Development Kit 12

git-1.8.5.6-18.1

git-arch-1.8.5.6-18.1

git-core-1.8.5.6-18.1

git-cvs-1.8.5.6-18.1

git-daemon-1.8.5.6-18.1

git-email-1.8.5.6-18.1

git-gui-1.8.5.6-18.1

git-svn-1.8.5.6-18.1

git-web-1.8.5.6-18.1

gitk-1.8.5.6-18.1

SUSE Linux Enterprise Software Development Kit 12 SP1

git-1.8.5.6-18.1

git-arch-1.8.5.6-18.1

git-core-1.8.5.6-18.1

git-cvs-1.8.5.6-18.1

git-daemon-1.8.5.6-18.1

git-email-1.8.5.6-18.1

git-gui-1.8.5.6-18.1

git-svn-1.8.5.6-18.1

git-web-1.8.5.6-18.1

gitk-1.8.5.6-18.1

Ссылки

https://www.suse.com/support/update/announcement/2016/suse-su-20160796-1/
Link for SUSE-SU-2016:0796-1
https://lists.suse.com/pipermail/sle-security-updates/2016-March/001949.html
E-Mail link for SUSE-SU-2016:0796-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/971328
SUSE Bug 971328
https://www.suse.com/security/cve/CVE-2016-2315/
SUSE CVE CVE-2016-2315 page
https://www.suse.com/security/cve/CVE-2016-2324/
SUSE CVE CVE-2016-2324 page

Описание

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP1:git-core-1.8.5.6-18.1

SUSE Linux Enterprise Server 12:git-core-1.8.5.6-18.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-core-1.8.5.6-18.1

SUSE Linux Enterprise Server for SAP Applications 12:git-core-1.8.5.6-18.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2315.html
CVE-2016-2315
https://bugzilla.suse.com/971328
SUSE Bug 971328

Описание

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP1:git-core-1.8.5.6-18.1

SUSE Linux Enterprise Server 12:git-core-1.8.5.6-18.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-core-1.8.5.6-18.1

SUSE Linux Enterprise Server for SAP Applications 12:git-core-1.8.5.6-18.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2324.html
CVE-2016-2324
https://bugzilla.suse.com/971328
SUSE Bug 971328

SUSE-SU-2016:0796-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Server 12 SP1

SUSE Linux Enterprise Server for SAP Applications 12

SUSE Linux Enterprise Server for SAP Applications 12 SP1

SUSE Linux Enterprise Software Development Kit 12

SUSE Linux Enterprise Software Development Kit 12 SP1

Ссылки

Уязвимость: CVE-2016-2315

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-2324

Описание

Затронутые продукты

Ссылки