Описание
Security update for git
This update for git fixes the following issues:
- CVE-2017-1000117: an argument injection in SSH URLs could lead to client-side code execution (bsc#1052481)
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
git-1.7.12.4-0.18.3.1
git-arch-1.7.12.4-0.18.3.1
git-core-1.7.12.4-0.18.3.1
git-cvs-1.7.12.4-0.18.3.1
git-daemon-1.7.12.4-0.18.3.1
git-email-1.7.12.4-0.18.3.1
git-gui-1.7.12.4-0.18.3.1
git-svn-1.7.12.4-0.18.3.1
git-web-1.7.12.4-0.18.3.1
gitk-1.7.12.4-0.18.3.1
SUSE Studio Onsite 1.3
git-1.7.12.4-0.18.3.1
git-core-1.7.12.4-0.18.3.1
Ссылки
- Link for SUSE-SU-2017:2225-1
- E-Mail link for SUSE-SU-2017:2225-1
- SUSE Security Ratings
- SUSE Bug 1052481
- SUSE CVE CVE-2017-1000117 page
Описание
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.3.1
Ссылки
- CVE-2017-1000117
- SUSE Bug 1052481
- SUSE Bug 1052696
- SUSE Bug 1052932
- SUSE Bug 1053364
- SUSE Bug 1053600
- SUSE Bug 1053919
- SUSE Bug 1054653
- SUSE Bug 1058214
- SUSE Bug 1066430
- SUSE Bug 1071709