Описание
Security update for git
This update for git fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code (CVE-2016-2315, CVE-2016-2324, bsc#971328).
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
git-1.7.12.4-0.14.1
git-arch-1.7.12.4-0.14.1
git-core-1.7.12.4-0.14.1
git-cvs-1.7.12.4-0.14.1
git-daemon-1.7.12.4-0.14.1
git-email-1.7.12.4-0.14.1
git-gui-1.7.12.4-0.14.1
git-svn-1.7.12.4-0.14.1
git-web-1.7.12.4-0.14.1
gitk-1.7.12.4-0.14.1
SUSE OpenStack Cloud 5
git-core-1.7.12.4-0.14.1
Ссылки
- Link for SUSE-SU-2016:0798-1
- E-Mail link for SUSE-SU-2016:0798-1
- SUSE Security Ratings
- SUSE Bug 971328
- SUSE CVE CVE-2016-2315 page
- SUSE CVE CVE-2016-2324 page
Описание
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.14.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.14.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.14.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.14.1
Ссылки
- CVE-2016-2315
- SUSE Bug 971328
Описание
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.14.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.14.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.14.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.14.1
Ссылки
- CVE-2016-2324
- SUSE Bug 971328