Description
Security update for git
This update for git fixes the following security issue:
- CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such as cvsserver, which allowed attackers to execute arbitrary OS commands via shell metacharacters in a module name (bsc#1061041).
Package list
SUSE Linux Enterprise Server 12 SP1-LTSS
git-core-2.12.3-27.9.1
git-doc-2.12.3-27.9.1
SUSE Linux Enterprise Server 12 SP2
git-core-2.12.3-27.9.1
git-doc-2.12.3-27.9.1
SUSE Linux Enterprise Server 12 SP3
git-core-2.12.3-27.9.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
git-core-2.12.3-27.9.1
git-doc-2.12.3-27.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
git-core-2.12.3-27.9.1
git-doc-2.12.3-27.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
git-core-2.12.3-27.9.1
git-doc-2.12.3-27.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
git-core-2.12.3-27.9.1
SUSE Linux Enterprise Software Development Kit 12 SP2
git-2.12.3-27.9.1
git-arch-2.12.3-27.9.1
git-core-2.12.3-27.9.1
git-cvs-2.12.3-27.9.1
git-daemon-2.12.3-27.9.1
git-doc-2.12.3-27.9.1
git-email-2.12.3-27.9.1
git-gui-2.12.3-27.9.1
git-svn-2.12.3-27.9.1
git-web-2.12.3-27.9.1
gitk-2.12.3-27.9.1
SUSE Linux Enterprise Software Development Kit 12 SP3
git-2.12.3-27.9.1
git-arch-2.12.3-27.9.1
git-core-2.12.3-27.9.1
git-cvs-2.12.3-27.9.1
git-daemon-2.12.3-27.9.1
git-doc-2.12.3-27.9.1
git-email-2.12.3-27.9.1
git-gui-2.12.3-27.9.1
git-svn-2.12.3-27.9.1
git-web-2.12.3-27.9.1
gitk-2.12.3-27.9.1
SUSE OpenStack Cloud 6
git-core-2.12.3-27.9.1
git-doc-2.12.3-27.9.1
References
- Link for SUSE-SU-2017:2747-1
- E-Mail link for SUSE-SU-2017:2747-1
- SUSE Security Ratings
- SUSE Bug 1061041
- SUSE CVE CVE-2017-14867 page
Description
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
Affected products
SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.9.1
SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.9.1
SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.9.1
SUSE Linux Enterprise Server 12 SP2:git-doc-2.12.3-27.9.1
References
- CVE-2017-14867
- SUSE Bug 1060377
- SUSE Bug 1060378
- SUSE Bug 1061041