Description
Security update for git
This update for git fixes the following issues:
- CVE-2017-14867: A command injection in the cvsserver Perl script was fixed (bsc#1061041).
Package list
SUSE Linux Enterprise Software Development Kit 11 SP4
git-1.7.12.4-0.18.6.1
git-arch-1.7.12.4-0.18.6.1
git-core-1.7.12.4-0.18.6.1
git-cvs-1.7.12.4-0.18.6.1
git-daemon-1.7.12.4-0.18.6.1
git-email-1.7.12.4-0.18.6.1
git-gui-1.7.12.4-0.18.6.1
git-svn-1.7.12.4-0.18.6.1
git-web-1.7.12.4-0.18.6.1
gitk-1.7.12.4-0.18.6.1
SUSE Studio Onsite 1.3
git-1.7.12.4-0.18.6.1
git-core-1.7.12.4-0.18.6.1
References
- Link for SUSE-SU-2017:2717-1
- E-Mail link for SUSE-SU-2017:2717-1
- SUSE Security Ratings
- SUSE Bug 1061041
- SUSE CVE CVE-2017-14867 page
Description
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
Affected products
SUSE Linux Enterprise Software Development Kit 11 SP4:git-1.7.12.4-0.18.6.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-arch-1.7.12.4-0.18.6.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-core-1.7.12.4-0.18.6.1
SUSE Linux Enterprise Software Development Kit 11 SP4:git-cvs-1.7.12.4-0.18.6.1
References
- CVE-2017-14867
- SUSE Bug 1060377
- SUSE Bug 1060378
- SUSE Bug 1061041