Description
Security update for git-annex
This update for git-annex fixes the following issues:
- CVE-2017-12976: Disallow hostnames starting with a dash, which would get passed to ssh and be treated as an option. This could be used by an attacker who provides a crafted repository URL to cause the victim to execute arbitrary code via -oProxyCommand (boo#1054653).
Package list
openSUSE Leap 42.2
git-annex-6.20170818-3.1
git-annex-bash-completion-6.20170818-3.1
openSUSE Leap 42.3
git-annex-6.20170818-3.1
git-annex-bash-completion-6.20170818-3.1
References
- E-Mail link for openSUSE-SU-2017:2309-1
- SUSE Security Ratings
Description
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.
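The check the fix describes, as an added Python example (not git-annex's own code): it refuses an ssh remote whose host begins with a dash before any ssh argument list is built. It goes slightly beyond the advisory by also covering scp-style `[user@]host:path` remotes and the user part; the function names and the sample remotes in the comments are constructed for illustration.

```python
from urllib.parse import urlsplit


class UnsafeSshRemote(ValueError):
    """A user or host part that ssh could read as a command-line option."""


def split_ssh_remote(remote):
    """Return (user, host, port) for ssh://... or scp-style [user@]host:path."""
    if remote.startswith("ssh://"):
        parts = urlsplit(remote)
        return parts.username or "", parts.hostname or "", parts.port
    netloc, sep, _path = remote.partition(":")
    if not sep or "/" in netloc:
        raise ValueError("not an ssh remote: %r" % remote)
    user, _, host = netloc.rpartition("@")
    return user, host, None


def ssh_argv(remote, remote_command):
    """Build an ssh argv, refusing a host or user that begins with a dash."""
    user, host, port = split_ssh_remote(remote)
    # Constructed sample that must be refused:
    #   ssh://-oProxyCommand=placeholder/repo
    if not host or host.startswith("-") or user.startswith("-"):
        raise UnsafeSshRemote("refusing ssh remote %r" % remote)
    argv = ["ssh"]
    if user:
        argv += ["-l", user]
    if port is not None:
        argv += ["-p", str(port)]
    # Defence in depth: "--" ends option parsing, so whatever follows can
    # only be read as the destination, never as an option.
    return argv + ["--", host, remote_command]


def is_safe(remote):
    """True if ssh_argv() accepts the remote, False if it is refused."""
    try:
        ssh_argv(remote, "true")
        return True
    except UnsafeSshRemote:
        return False
```

The argument list is meant to be executed directly (for example with `subprocess.run(argv)`), never joined into a shell command string.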
Affected products
openSUSE Leap 42.2:git-annex-6.20170818-3.1
openSUSE Leap 42.2:git-annex-bash-completion-6.20170818-3.1
openSUSE Leap 42.3:git-annex-6.20170818-3.1
openSUSE Leap 42.3:git-annex-bash-completion-6.20170818-3.1
References
- CVE-2017-12976
- SUSE Bug 1052481
- SUSE Bug 1052696
- SUSE Bug 1052932
- SUSE Bug 1053364
- SUSE Bug 1053919
- SUSE Bug 1054653
- SUSE Bug 1066430
- SUSE Bug 1071709