Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:1357-1

Опубликовано: 19 мая 2017
Источник: suse-cvrf

Описание

Security update for git

This update for git fixes the following issues:

  • git 2.12.3:
  • CVE-2017-8386: Fix git-shell not to escape with the starting dash name (bsc#1038395)
  • Fix for potential segv introduced in v2.11.0 and later
  • Misc fixes and cleanups.
  • git 2.12.2:
    • CLI output fixes
    • 'Dump http' transport fixes
    • various fixes for internal code paths
    • Trailer 'Cc:' RFC fix
  • git 2.12.1:
    • Reduce authentication round-trip over HTTP when the server supports just a single authentication method.
    • 'git add -i' patch subcommand fixed to have a path selection
    • various path verification fixes
    • fix 'git log -L...' buffer overrun

Список пакетов

SUSE Linux Enterprise Server 12 SP1
git-core-2.12.3-26.1
git-doc-2.12.3-26.1
SUSE Linux Enterprise Server 12 SP2
git-core-2.12.3-26.1
git-doc-2.12.3-26.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
git-core-2.12.3-26.1
git-doc-2.12.3-26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
git-core-2.12.3-26.1
git-doc-2.12.3-26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
git-core-2.12.3-26.1
git-doc-2.12.3-26.1
SUSE Linux Enterprise Software Development Kit 12 SP1
git-2.12.3-26.1
git-arch-2.12.3-26.1
git-core-2.12.3-26.1
git-cvs-2.12.3-26.1
git-daemon-2.12.3-26.1
git-doc-2.12.3-26.1
git-email-2.12.3-26.1
git-gui-2.12.3-26.1
git-svn-2.12.3-26.1
git-web-2.12.3-26.1
gitk-2.12.3-26.1
SUSE Linux Enterprise Software Development Kit 12 SP2
git-2.12.3-26.1
git-arch-2.12.3-26.1
git-core-2.12.3-26.1
git-cvs-2.12.3-26.1
git-daemon-2.12.3-26.1
git-doc-2.12.3-26.1
git-email-2.12.3-26.1
git-gui-2.12.3-26.1
git-svn-2.12.3-26.1
git-web-2.12.3-26.1
gitk-2.12.3-26.1

Ссылки

Описание

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP1:git-core-2.12.3-26.1
SUSE Linux Enterprise Server 12 SP1:git-doc-2.12.3-26.1
SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-26.1
SUSE Linux Enterprise Server 12 SP2:git-doc-2.12.3-26.1
Ссылки