Описание
Security update for git
This update for git fixes the following issues:
Security issue fixed:
- CVE-2018-19486: Fixed git that executed commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was (bsc#1117257).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
git-2.16.4-lp150.2.9.1
git-arch-2.16.4-lp150.2.9.1
git-core-2.16.4-lp150.2.9.1
git-credential-gnome-keyring-2.16.4-lp150.2.9.1
git-credential-libsecret-2.16.4-lp150.2.9.1
git-cvs-2.16.4-lp150.2.9.1
git-daemon-2.16.4-lp150.2.9.1
git-doc-2.16.4-lp150.2.9.1
git-email-2.16.4-lp150.2.9.1
git-gui-2.16.4-lp150.2.9.1
git-p4-2.16.4-lp150.2.9.1
git-svn-2.16.4-lp150.2.9.1
git-web-2.16.4-lp150.2.9.1
gitk-2.16.4-lp150.2.9.1
Ссылки
- E-Mail link for openSUSE-SU-2018:4257-1
- SUSE Security Ratings
Описание
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
Затронутые продукты
openSUSE Leap 15.0:git-2.16.4-lp150.2.9.1
openSUSE Leap 15.0:git-arch-2.16.4-lp150.2.9.1
openSUSE Leap 15.0:git-core-2.16.4-lp150.2.9.1
openSUSE Leap 15.0:git-credential-gnome-keyring-2.16.4-lp150.2.9.1
Ссылки
- CVE-2018-19486
- SUSE Bug 1117257