openSUSE-SU-2018:0914-1

Опубликовано: 10 апр. 2018

Источник: suse-cvrf

Описание

Security update for git

This update for git fixes the following issue:

CVE-2017-15298: Specially crafted repositories could have caused a denial of service (boo#1063412)

Список пакетов

openSUSE Leap 42.3

git-2.13.6-10.1

git-arch-2.13.6-10.1

git-core-2.13.6-10.1

git-credential-gnome-keyring-2.13.6-10.1

git-cvs-2.13.6-10.1

git-daemon-2.13.6-10.1

git-doc-2.13.6-10.1

git-email-2.13.6-10.1

git-gui-2.13.6-10.1

git-svn-2.13.6-10.1

git-web-2.13.6-10.1

gitk-2.13.6-10.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2018-04/msg00019.html
E-Mail link for openSUSE-SU-2018:0914-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.

Затронутые продукты

openSUSE Leap 42.3:git-2.13.6-10.1

openSUSE Leap 42.3:git-arch-2.13.6-10.1

openSUSE Leap 42.3:git-core-2.13.6-10.1

openSUSE Leap 42.3:git-credential-gnome-keyring-2.13.6-10.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-15298.html
CVE-2017-15298
https://bugzilla.suse.com/1063412
SUSE Bug 1063412

openSUSE-SU-2018:0914-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-15298

Описание

Затронутые продукты

Ссылки