Mailinglist Archive: opensuse-security (4 mails)

[opensuse-security] Re: [security-announce] SUSE-SU-2017:2225-1: important: Security update for git
We don't have git installed anywhere. Doubtless there's some very expensive
vendor package that's the company standard instead.

Patching on the fly would take restarting any running processes; I don't know
if there are such things with a typical git setup. CVE-2017-1000117 has a CVSS
score of 9.3 inflated from SUSE's estimate of 5.8, so it's due 20 Oct.

Ted

On Mon, 2017-08-21 at 18:07 +0200, opensuse-security@xxxxxxxxxxxx wrote:

SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2225-1
Rating: important
References: #1052481
Cross-References: CVE-2017-1000117
Affected Products:
SUSE Studio Onsite 1.3
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for git fixes the following issues:

- CVE-2017-1000117: an argument injection in SSH URLs could lead to
client-side code execution (bsc#1052481)


Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:

    zypper in -t patch slestso13-git-13235=1

- SUSE Linux Enterprise Software Development Kit 11-SP4:

    zypper in -t patch sdksp4-git-13235=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

    zypper in -t patch dbgsp4-git-13235=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Studio Onsite 1.3 (x86_64):

git-1.7.12.4-0.18.3.1
git-core-1.7.12.4-0.18.3.1

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64
s390x x86_64):

git-1.7.12.4-0.18.3.1
git-arch-1.7.12.4-0.18.3.1
git-core-1.7.12.4-0.18.3.1
git-cvs-1.7.12.4-0.18.3.1
git-daemon-1.7.12.4-0.18.3.1
git-email-1.7.12.4-0.18.3.1
git-gui-1.7.12.4-0.18.3.1
git-svn-1.7.12.4-0.18.3.1
git-web-1.7.12.4-0.18.3.1
gitk-1.7.12.4-0.18.3.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

git-debuginfo-1.7.12.4-0.18.3.1
git-debugsource-1.7.12.4-0.18.3.1


References:

https://www.suse.com/security/cve/CVE-2017-1000117.html
https://bugzilla.suse.com/1052481

