openSUSE-SU-2016:0803-1

Опубликовано: 17 мар. 2016

Источник: suse-cvrf

Описание

Security update for cgit

This update for cgit fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code (CVE-2016-2315, CVE-2016-2324, bsc#971328).

Список пакетов

openSUSE Leap 42.1

cgit-0.12-9.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html
E-Mail link for openSUSE-SU-2016:0803-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

Затронутые продукты

openSUSE Leap 42.1:cgit-0.12-9.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2315.html
CVE-2016-2315
https://bugzilla.suse.com/971328
SUSE Bug 971328

Описание

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Затронутые продукты

openSUSE Leap 42.1:cgit-0.12-9.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2324.html
CVE-2016-2324
https://bugzilla.suse.com/971328
SUSE Bug 971328

openSUSE-SU-2016:0803-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-2315

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-2324

Описание

Затронутые продукты

Ссылки