Описание
Security update for git
This update for git fixes the following issues:
Security issues fixed:
- CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787).
- CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795).
- CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793).
- CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792).
- CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791).
- CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790).
- CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789).
- CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788).
- CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785).
- Fixed an issue where git send-email fails to authenticate with SMTP server (bsc#1082023)
Список пакетов
HPE Helion OpenStack 8
SUSE Enterprise Storage 5
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
Ссылки
- Link for SUSE-SU-2019:3311-1
- E-Mail link for SUSE-SU-2019:3311-1
- SUSE Security Ratings
- SUSE Bug 1082023
- SUSE Bug 1158785
- SUSE Bug 1158787
- SUSE Bug 1158788
- SUSE Bug 1158789
- SUSE Bug 1158790
- SUSE Bug 1158791
- SUSE Bug 1158792
- SUSE Bug 1158793
- SUSE Bug 1158795
- SUSE CVE CVE-2019-1348 page
- SUSE CVE CVE-2019-1349 page
- SUSE CVE CVE-2019-1350 page
- SUSE CVE CVE-2019-1351 page
- SUSE CVE CVE-2019-1352 page
- SUSE CVE CVE-2019-1353 page
- SUSE CVE CVE-2019-1354 page
Описание
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.
Затронутые продукты
Ссылки
- CVE-2019-1348
- SUSE Bug 1158785
Описание
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
Затронутые продукты
Ссылки
- CVE-2019-1349
- SUSE Bug 1158785
- SUSE Bug 1158787
Описание
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
Затронутые продукты
Ссылки
- CVE-2019-1350
- SUSE Bug 1158785
- SUSE Bug 1158788
Описание
A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.
Затронутые продукты
Ссылки
- CVE-2019-1351
- SUSE Bug 1158785
- SUSE Bug 1158789
Описание
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.
Затронутые продукты
Ссылки
- CVE-2019-1352
- SUSE Bug 1158785
- SUSE Bug 1158787
- SUSE Bug 1158790
Описание
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.
Затронутые продукты
Ссылки
- CVE-2019-1353
- SUSE Bug 1158785
- SUSE Bug 1158791
Описание
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.
Затронутые продукты
Ссылки
- CVE-2019-1354
- SUSE Bug 1158785
- SUSE Bug 1158792
Описание
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
Затронутые продукты
Ссылки
- CVE-2019-1387
- SUSE Bug 1158785
- SUSE Bug 1158793
Описание
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
Затронутые продукты
Ссылки
- CVE-2019-19604
- SUSE Bug 1158785
- SUSE Bug 1158795