Description
Security update for git
This update for git fixes the following issues:
- CVE-2017-1000117: Fixed a client-side code execution via shell injection when receiving special submodule strings from a malicious server (bsc#1052481)
Package list
SUSE Linux Enterprise Server 12 SP1-LTSS
git-core-2.12.3-27.5.1
git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server 12 SP2
git-core-2.12.3-27.5.1
git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server 12 SP3
git-core-2.12.3-27.5.1
SUSE Linux Enterprise Server 12-LTSS
git-core-2.12.3-27.5.1
git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
git-core-2.12.3-27.5.1
git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server for SAP Applications 12
git-core-2.12.3-27.5.1
git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
git-core-2.12.3-27.5.1
git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
git-core-2.12.3-27.5.1
git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
git-core-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP2
git-2.12.3-27.5.1
git-arch-2.12.3-27.5.1
git-core-2.12.3-27.5.1
git-cvs-2.12.3-27.5.1
git-daemon-2.12.3-27.5.1
git-doc-2.12.3-27.5.1
git-email-2.12.3-27.5.1
git-gui-2.12.3-27.5.1
git-svn-2.12.3-27.5.1
git-web-2.12.3-27.5.1
gitk-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP3
git-2.12.3-27.5.1
git-arch-2.12.3-27.5.1
git-core-2.12.3-27.5.1
git-cvs-2.12.3-27.5.1
git-daemon-2.12.3-27.5.1
git-doc-2.12.3-27.5.1
git-email-2.12.3-27.5.1
git-gui-2.12.3-27.5.1
git-svn-2.12.3-27.5.1
git-web-2.12.3-27.5.1
gitk-2.12.3-27.5.1
SUSE OpenStack Cloud 6
git-core-2.12.3-27.5.1
git-doc-2.12.3-27.5.1
References
- Link for SUSE-SU-2017:2320-1
- E-Mail link for SUSE-SU-2017:2320-1
- SUSE Security Ratings
- SUSE Bug 1052481
- SUSE CVE CVE-2017-1000117 page
Description
A malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Affected products
SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.5.1
SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.5.1
SUSE Linux Enterprise Server 12 SP2:git-doc-2.12.3-27.5.1
References
- CVE-2017-1000117
- SUSE Bug 1052481
- SUSE Bug 1052696
- SUSE Bug 1052932
- SUSE Bug 1053364
- SUSE Bug 1053600
- SUSE Bug 1053919
- SUSE Bug 1054653
- SUSE Bug 1058214
- SUSE Bug 1066430
- SUSE Bug 1071709