Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:2537-1

Опубликовано: 22 июл. 2022
Источник: suse-cvrf

Описание

Security update for git

This update for git fixes the following issues:

  • CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).
  • Allow to opt-out from the check added in the security fix for CVE-2022-24765 (bsc#1200119)

Список пакетов

HPE Helion OpenStack 8
git-2.26.2-27.57.1
SUSE Linux Enterprise Server 12 SP2-BCL
git-2.26.2-27.57.1
git-core-2.26.2-27.57.1
git-cvs-2.26.2-27.57.1
git-daemon-2.26.2-27.57.1
git-doc-2.26.2-27.57.1
git-email-2.26.2-27.57.1
git-gui-2.26.2-27.57.1
git-svn-2.26.2-27.57.1
git-web-2.26.2-27.57.1
gitk-2.26.2-27.57.1
SUSE Linux Enterprise Server 12 SP3-BCL
git-2.26.2-27.57.1
git-core-2.26.2-27.57.1
git-cvs-2.26.2-27.57.1
git-daemon-2.26.2-27.57.1
git-email-2.26.2-27.57.1
git-gui-2.26.2-27.57.1
git-svn-2.26.2-27.57.1
git-web-2.26.2-27.57.1
gitk-2.26.2-27.57.1
SUSE Linux Enterprise Server 12 SP4-LTSS
git-2.26.2-27.57.1
git-core-2.26.2-27.57.1
git-cvs-2.26.2-27.57.1
git-daemon-2.26.2-27.57.1
git-email-2.26.2-27.57.1
git-gui-2.26.2-27.57.1
git-svn-2.26.2-27.57.1
git-web-2.26.2-27.57.1
gitk-2.26.2-27.57.1
SUSE Linux Enterprise Server 12 SP5
git-2.26.2-27.57.1
git-core-2.26.2-27.57.1
git-cvs-2.26.2-27.57.1
git-daemon-2.26.2-27.57.1
git-email-2.26.2-27.57.1
git-gui-2.26.2-27.57.1
git-svn-2.26.2-27.57.1
git-web-2.26.2-27.57.1
gitk-2.26.2-27.57.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
git-2.26.2-27.57.1
git-core-2.26.2-27.57.1
git-cvs-2.26.2-27.57.1
git-daemon-2.26.2-27.57.1
git-email-2.26.2-27.57.1
git-gui-2.26.2-27.57.1
git-svn-2.26.2-27.57.1
git-web-2.26.2-27.57.1
gitk-2.26.2-27.57.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
git-2.26.2-27.57.1
git-core-2.26.2-27.57.1
git-cvs-2.26.2-27.57.1
git-daemon-2.26.2-27.57.1
git-email-2.26.2-27.57.1
git-gui-2.26.2-27.57.1
git-svn-2.26.2-27.57.1
git-web-2.26.2-27.57.1
gitk-2.26.2-27.57.1
SUSE Linux Enterprise Software Development Kit 12 SP5
git-2.26.2-27.57.1
git-arch-2.26.2-27.57.1
git-core-2.26.2-27.57.1
git-cvs-2.26.2-27.57.1
git-daemon-2.26.2-27.57.1
git-doc-2.26.2-27.57.1
git-email-2.26.2-27.57.1
git-gui-2.26.2-27.57.1
git-svn-2.26.2-27.57.1
git-web-2.26.2-27.57.1
gitk-2.26.2-27.57.1
SUSE OpenStack Cloud 8
git-2.26.2-27.57.1
SUSE OpenStack Cloud 9
git-2.26.2-27.57.1
git-core-2.26.2-27.57.1
git-cvs-2.26.2-27.57.1
git-daemon-2.26.2-27.57.1
git-email-2.26.2-27.57.1
git-gui-2.26.2-27.57.1
git-svn-2.26.2-27.57.1
git-web-2.26.2-27.57.1
gitk-2.26.2-27.57.1
SUSE OpenStack Cloud Crowbar 9
git-2.26.2-27.57.1
git-core-2.26.2-27.57.1
git-cvs-2.26.2-27.57.1
git-daemon-2.26.2-27.57.1
git-email-2.26.2-27.57.1
git-gui-2.26.2-27.57.1
git-svn-2.26.2-27.57.1
git-web-2.26.2-27.57.1
gitk-2.26.2-27.57.1

Ссылки

Описание

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.

Затронутые продукты
HPE Helion OpenStack 8:git-2.26.2-27.57.1
SUSE Linux Enterprise Server 12 SP2-BCL:git-2.26.2-27.57.1
SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.26.2-27.57.1
SUSE Linux Enterprise Server 12 SP2-BCL:git-cvs-2.26.2-27.57.1
Ссылки
Уязвимость SUSE-SU-2022:2537-1