Описание
Security update for git
This update for git fixes the following security issues:
- CVE-2017-1000117: A malicious third-party could have caused a git client to execute arbitrary commands via crafted 'ssh://...' URLs, including submodules (boo#1052481)
Список пакетов
openSUSE Leap 42.3
git-2.13.5-3.1
git-arch-2.13.5-3.1
git-core-2.13.5-3.1
git-credential-gnome-keyring-2.13.5-3.1
git-cvs-2.13.5-3.1
git-daemon-2.13.5-3.1
git-doc-2.13.5-3.1
git-email-2.13.5-3.1
git-gui-2.13.5-3.1
git-svn-2.13.5-3.1
git-web-2.13.5-3.1
gitk-2.13.5-3.1
Ссылки
- E-Mail link for openSUSE-SU-2017:2182-1
- SUSE Security Ratings
Описание
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Затронутые продукты
openSUSE Leap 42.3:git-2.13.5-3.1
openSUSE Leap 42.3:git-arch-2.13.5-3.1
openSUSE Leap 42.3:git-core-2.13.5-3.1
openSUSE Leap 42.3:git-credential-gnome-keyring-2.13.5-3.1
Ссылки
- CVE-2017-1000117
- SUSE Bug 1052481
- SUSE Bug 1052696
- SUSE Bug 1052932
- SUSE Bug 1053364
- SUSE Bug 1053600
- SUSE Bug 1053919
- SUSE Bug 1058214
- SUSE Bug 1066430
- SUSE Bug 1071709