Описание
Security update for git
This update for git fixes the following issues:
Security issue fixed:
- CVE-2018-19486: Fixed git that executed commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was (bsc#1117257).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
git-core-2.16.4-3.9.2
SUSE Linux Enterprise Module for Development Tools 15
git-2.16.4-3.9.2
git-arch-2.16.4-3.9.2
git-cvs-2.16.4-3.9.2
git-daemon-2.16.4-3.9.2
git-doc-2.16.4-3.9.2
git-email-2.16.4-3.9.2
git-gui-2.16.4-3.9.2
git-svn-2.16.4-3.9.2
git-web-2.16.4-3.9.2
gitk-2.16.4-3.9.2
Ссылки
- Link for SUSE-SU-2018:4190-1
- E-Mail link for SUSE-SU-2018:4190-1
- SUSE Security Ratings
- SUSE Bug 1117257
- SUSE CVE CVE-2018-19486 page
Описание
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.9.2
SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.9.2
SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.9.2
SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.9.2
Ссылки
- CVE-2018-19486
- SUSE Bug 1117257