Re: [security-announce] SUSE-SU-2017:2225-1: important: Security update for git

tedrb
We don't have git installed anywhere. Doubtless there's some very expensive vendor package that's the company standard instead.

Patching on the fly would take restarting any running processes; I don't know if there are such things with a typical git setup. CVE-2017-1000117 has a CVSS score of 9.3 inflated from SUSE's estimate of 5.8, so it's due 20 Oct.

Ted

On Mon, 2017-08-21 at 18:07 +0200, [hidden email] wrote:

   SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2225-1
Rating:             important
References:         #1052481
Cross-References:   CVE-2017-1000117
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for git fixes the following issues:

     - CVE-2017-1000117: an argument injection in SSH URLs could lead to
       client-side code execution (bsc#1052481)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-git-13235=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-git-13235=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-git-13235=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      git-1.7.12.4-0.18.3.1
      git-core-1.7.12.4-0.18.3.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      git-1.7.12.4-0.18.3.1
      git-arch-1.7.12.4-0.18.3.1
      git-core-1.7.12.4-0.18.3.1
      git-cvs-1.7.12.4-0.18.3.1
      git-daemon-1.7.12.4-0.18.3.1
      git-email-1.7.12.4-0.18.3.1
      git-gui-1.7.12.4-0.18.3.1
      git-svn-1.7.12.4-0.18.3.1
      git-web-1.7.12.4-0.18.3.1
      gitk-1.7.12.4-0.18.3.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      git-debuginfo-1.7.12.4-0.18.3.1
      git-debugsource-1.7.12.4-0.18.3.1


References:

   https://www.suse.com/security/cve/CVE-2017-1000117.html
   https://bugzilla.suse.com/1052481
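
Added example (not part of the original message or of SUSE's advisory): a shell check that reads "name version-release" lines, as produced by an rpm query, and flags any package from the advisory's package list that is older than the fixed 1.7.12.4-0.18.3.1. The function names, the sample lines and the use of GNU `sort -V` in place of rpm's own version comparison are assumptions.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="1.7.12.4-0.18.3.1"

# Package names listed in the advisory.
ADVISORY_PKGS="git git-arch git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk git-debuginfo git-debugsource"

# ver_lt A B: succeed when A sorts strictly before B.
# Assumption: GNU `sort -V` ordering stands in for rpm's comparison;
# the two agree for purely numeric dotted strings like these.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_git_pkgs: read "name version-release" lines on stdin, print one
# status line per advisory package found, return 1 if any is unpatched.
audit_git_pkgs() {
    rc=0
    while read -r name vr; do
        case " $ADVISORY_PKGS " in
            *" $name "*) ;;          # package is covered by the advisory
            *) continue ;;           # anything else is out of scope
        esac
        if ver_lt "$vr" "$FIXED"; then
            echo "VULNERABLE $name $vr (fixed in $FIXED)"
            rc=1
        else
            echo "OK $name $vr"
        fi
    done
    return $rc
}

# Constructed sample input; the 0.16.1 release is made up for illustration.
SAMPLE="git 1.7.12.4-0.18.3.1
git-core 1.7.12.4-0.16.1
bash 3.2-147.29.1"

# On a live host, feed it the real package database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_git_pkgs
printf '%s\n' "$SAMPLE" | audit_git_pkgs || echo "unpatched git packages present"
```

No output lines at all from the live query means none of the advisory's packages are installed on that host.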

