Описание
Security update for git
This update for git fixes the following issues:
This security issue was fixed:
- CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such as cvsserver, which allowed attackers to execute arbitrary OS commands via shell metacharacters in a module name (bsc#1061041).
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.2
git-2.12.3-5.14.1
git-arch-2.12.3-5.14.1
git-core-2.12.3-5.14.1
git-credential-gnome-keyring-2.12.3-5.14.1
git-cvs-2.12.3-5.14.1
git-daemon-2.12.3-5.14.1
git-doc-2.12.3-5.14.1
git-email-2.12.3-5.14.1
git-gui-2.12.3-5.14.1
git-svn-2.12.3-5.14.1
git-web-2.12.3-5.14.1
gitk-2.12.3-5.14.1
Ссылки
- E-Mail link for openSUSE-SU-2017:2757-1
- SUSE Security Ratings
Описание
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
Затронутые продукты
openSUSE Leap 42.2:git-2.12.3-5.14.1
openSUSE Leap 42.2:git-arch-2.12.3-5.14.1
openSUSE Leap 42.2:git-core-2.12.3-5.14.1
openSUSE Leap 42.2:git-credential-gnome-keyring-2.12.3-5.14.1
Ссылки
- CVE-2017-14867
- SUSE Bug 1060377
- SUSE Bug 1060378
- SUSE Bug 1061041