[opensuse-security] Re: [security-announce] SUSE-SU-2017:2225-1: important: Security update for git

We don't have git installed anywhere. Doubtless there's some very expensive vendor package that's the company standard instead. Patching on the fly would take restarting any running processes; I don't know if there are such things with a typical git setup. CVE-2017-1000117 has a VSS score of 9.3 inflated from Suse's estimate of 5.8, so it's due 20 Oct. Ted On Mon, 2017-08-21 at 18:07 +0200, opensuse-security@opensuse.org wrote: SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2225-1 Rating: important References: #1052481 Cross-References: CVE-2017-1000117 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for git fixes the following issues: - CVE-2017-1000117: an argument injection in SSH URLs could lead to client-side code execution (bsc#1052481) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-git-13235=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-git-13235=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-git-13235=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): git-1.7.12.4-0.18.3.1 git-core-1.7.12.4-0.18.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): git-1.7.12.4-0.18.3.1 git-arch-1.7.12.4-0.18.3.1 git-core-1.7.12.4-0.18.3.1 git-cvs-1.7.12.4-0.18.3.1 git-daemon-1.7.12.4-0.18.3.1 git-email-1.7.12.4-0.18.3.1 git-gui-1.7.12.4-0.18.3.1 git-svn-1.7.12.4-0.18.3.1 git-web-1.7.12.4-0.18.3.1 gitk-1.7.12.4-0.18.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): git-debuginfo-1.7.12.4-0.18.3.1 git-debugsource-1.7.12.4-0.18.3.1 References: https://www.suse.com/security/cve/CVE-2017-1000117.html https://bugzilla.suse.com/1052481 N�����r��y隊Z)z{.��r��/��˛���m�)z{.��+�:�{Zr�az�'z��j)h���Ǭy˫�ܾ� ޮ�^�ˬz��