
openSUSE-SU-2017:2331-1

Published: 02 Sep 2017
Source: suse-cvrf

Description

Security update for git

This update for git fixes the following issues:

  • CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481)

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.2
git-2.12.3-5.10.1
git-arch-2.12.3-5.10.1
git-core-2.12.3-5.10.1
git-credential-gnome-keyring-2.12.3-5.10.1
git-cvs-2.12.3-5.10.1
git-daemon-2.12.3-5.10.1
git-doc-2.12.3-5.10.1
git-email-2.12.3-5.10.1
git-gui-2.12.3-5.10.1
git-svn-2.12.3-5.10.1
git-web-2.12.3-5.10.1
gitk-2.12.3-5.10.1

Description

A malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.


Affected products
openSUSE Leap 42.2:git-2.12.3-5.10.1
openSUSE Leap 42.2:git-arch-2.12.3-5.10.1
openSUSE Leap 42.2:git-core-2.12.3-5.10.1
openSUSE Leap 42.2:git-credential-gnome-keyring-2.12.3-5.10.1
