Description
Security update for git
This update for git fixes the following issues:
- CVE-2021-40330: Fixed unexpected cross-protocol requests via newline character in git_connect_git repository path (bsc#1189992).
Package list
HPE Helion OpenStack 8
git-2.26.2-27.49.3
SUSE Linux Enterprise Server 12 SP5
git-2.26.2-27.49.3
git-core-2.26.2-27.49.3
git-cvs-2.26.2-27.49.3
git-daemon-2.26.2-27.49.3
git-email-2.26.2-27.49.3
git-gui-2.26.2-27.49.3
git-svn-2.26.2-27.49.3
git-web-2.26.2-27.49.3
gitk-2.26.2-27.49.3
SUSE Linux Enterprise Server for SAP Applications 12 SP5
git-2.26.2-27.49.3
git-core-2.26.2-27.49.3
git-cvs-2.26.2-27.49.3
git-daemon-2.26.2-27.49.3
git-email-2.26.2-27.49.3
git-gui-2.26.2-27.49.3
git-svn-2.26.2-27.49.3
git-web-2.26.2-27.49.3
gitk-2.26.2-27.49.3
SUSE Linux Enterprise Software Development Kit 12 SP5
git-2.26.2-27.49.3
git-arch-2.26.2-27.49.3
git-core-2.26.2-27.49.3
git-cvs-2.26.2-27.49.3
git-daemon-2.26.2-27.49.3
git-doc-2.26.2-27.49.3
git-email-2.26.2-27.49.3
git-gui-2.26.2-27.49.3
git-svn-2.26.2-27.49.3
git-web-2.26.2-27.49.3
gitk-2.26.2-27.49.3
SUSE OpenStack Cloud 8
git-2.26.2-27.49.3
References
- Link for SUSE-SU-2021:3484-1
- E-Mail link for SUSE-SU-2021:3484-1
- SUSE Security Ratings
- SUSE Bug 1189992
- SUSE CVE CVE-2021-40330 page
Description
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
Affected products
HPE Helion OpenStack 8:git-2.26.2-27.49.3
SUSE Linux Enterprise Server 12 SP5:git-2.26.2-27.49.3
SUSE Linux Enterprise Server 12 SP5:git-core-2.26.2-27.49.3
SUSE Linux Enterprise Server 12 SP5:git-cvs-2.26.2-27.49.3
References
- CVE-2021-40330
- SUSE Bug 1189992