openSUSE-SU-2011:0115-1 (moderate): Fixing two git vulnerabilities (CVE-2010-3906, CVE-2010-2542).
openSUSE Security Update: Fixing two git vulnerabilities (CVE-2010-3906,
CVE-2010-2542).
______________________________________________________________________________

Announcement ID: openSUSE-SU-2011:0115-1
Rating: moderate
References: #624586 #659281
Cross-References: CVE-2010-2542 CVE-2010-3906
Affected Products:
openSUSE 11.3
openSUSE 11.2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update fixes two vulnerabilities:

XSS vulnerability in gitweb; a remote attacker could
craft a URL such that arbitrary content would be inserted
into the generated web page.

Stack overflow vulnerability that can lead to arbitrary
code execution if a user runs any git command on a specially
crafted git working copy.

Security Issue references:
- [CVE-2010-3906](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3906)
- [CVE-2010-2542](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2542)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.3:

zypper in -t patch git-3832

- openSUSE 11.2:

zypper in -t patch git-3831

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.3 (i586 x86_64):

git-1.7.1-2.3.1
git-arch-1.7.1-2.3.1
git-core-1.7.1-2.3.1
git-cvs-1.7.1-2.3.1
git-daemon-1.7.1-2.3.1
git-email-1.7.1-2.3.1
git-gui-1.7.1-2.3.1
git-remote-helpers-1.7.1-2.3.1
git-svn-1.7.1-2.3.1
git-web-1.7.1-2.3.1
gitk-1.7.1-2.3.1

- openSUSE 11.2 (i586 x86_64):

git-1.6.4.2-3.5.1
git-arch-1.6.4.2-3.5.1
git-core-1.6.4.2-3.5.1
git-cvs-1.6.4.2-3.5.1
git-daemon-1.6.4.2-3.5.1
git-email-1.6.4.2-3.5.1
git-gui-1.6.4.2-3.5.1
git-svn-1.6.4.2-3.5.1
git-web-1.6.4.2-3.5.1
gitk-1.6.4.2-3.5.1


References:

http://support.novell.com/security/cve/CVE-2010-2542.html
http://support.novell.com/security/cve/CVE-2010-3906.html
https://bugzilla.novell.com/624586
https://bugzilla.novell.com/659281

