Описание
Security update for git
This update for git fixes the following issue:
- CVE-2017-8386: git shell, may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' (bsc#1038395):
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
git-1.7.12.4-0.17.1
git-arch-1.7.12.4-0.17.1
git-core-1.7.12.4-0.17.1
git-cvs-1.7.12.4-0.17.1
git-daemon-1.7.12.4-0.17.1
git-email-1.7.12.4-0.17.1
git-gui-1.7.12.4-0.17.1
git-svn-1.7.12.4-0.17.1
git-web-1.7.12.4-0.17.1
gitk-1.7.12.4-0.17.1
SUSE Studio Onsite 1.3
git-1.7.12.4-0.17.1
git-core-1.7.12.4-0.17.1
Ссылки
- Link for SUSE-SU-2017:1432-1
- E-Mail link for SUSE-SU-2017:1432-1
- SUSE Security Ratings
- SUSE Bug 1038395
- SUSE CVE CVE-2017-8386 page
Описание
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.17.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.17.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.17.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.17.1
Ссылки
- CVE-2017-8386
- SUSE Bug 1038395