Описание
Security update for git
This update for git fixes the following issues:
- CVE-2021-40330: Fixed unexpected cross-protocol requests via newline character in git_connect_git repository path (bsc#1189992).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP2
git-core-2.26.2-33.1
SUSE Linux Enterprise Module for Development Tools 15 SP2
git-2.26.2-33.1
git-arch-2.26.2-33.1
git-cvs-2.26.2-33.1
git-daemon-2.26.2-33.1
git-doc-2.26.2-33.1
git-email-2.26.2-33.1
git-gui-2.26.2-33.1
git-svn-2.26.2-33.1
git-web-2.26.2-33.1
gitk-2.26.2-33.1
Ссылки
- Link for SUSE-SU-2021:3300-1
- E-Mail link for SUSE-SU-2021:3300-1
- SUSE Security Ratings
- SUSE Bug 1189992
- SUSE CVE CVE-2021-40330 page
Описание
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP2:git-core-2.26.2-33.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:git-2.26.2-33.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:git-arch-2.26.2-33.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:git-cvs-2.26.2-33.1
Ссылки
- CVE-2021-40330
- SUSE Bug 1189992