Описание
Security update for git
This update for git fixes several issues.
These security issues were fixed:
- CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218)
- CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219)
Список пакетов
HPE Helion OpenStack 8
SUSE Enterprise Storage 4
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
Ссылки
- Link for SUSE-SU-2018:1566-1
- E-Mail link for SUSE-SU-2018:1566-1
- SUSE Security Ratings
- SUSE Bug 1095218
- SUSE Bug 1095219
- SUSE CVE CVE-2018-11233 page
- SUSE CVE CVE-2018-11235 page
Описание
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
Затронутые продукты
Ссылки
- CVE-2018-11233
- SUSE Bug 1095218
Описание
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
Затронутые продукты
Ссылки
- CVE-2018-11235
- SUSE Bug 1095219