Описание
Security update for libgit2
This update for libgit2 fixes the following issues:
Security issue fixed:
- CVE-2018-17456: Submodule URLs and paths with a leading '-' are now ignored to avoid injecting options into library consumers that perform recursive clones (bsc#1110949).
Non-security issues fixed:
- Version update to version 0.26.8 (bsc#1114729).
- Full changelog can be found at:
Список пакетов
SUSE Linux Enterprise Module for Development Tools 15
libgit2-26-0.26.8-3.8.1
libgit2-devel-0.26.8-3.8.1
Ссылки
- Link for SUSE-SU-2018:4009-1
- E-Mail link for SUSE-SU-2018:4009-1
- SUSE Security Ratings
- SUSE Bug 1110949
- SUSE Bug 1114729
- SUSE CVE CVE-2018-17456 page
Описание
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
Затронутые продукты
SUSE Linux Enterprise Module for Development Tools 15:libgit2-26-0.26.8-3.8.1
SUSE Linux Enterprise Module for Development Tools 15:libgit2-devel-0.26.8-3.8.1
Ссылки
- CVE-2018-17456
- SUSE Bug 1110949