Security update for git
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2017:2320-1
Final
1
1
2017-08-31T19:42:50Z
current
2017-08-31T19:42:50Z
2017-08-31T19:42:50Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for git
This update for git fixes the following issues:
- CVE-2017-1000117: Fixed a client-side code execution via shell injection when receiving special submodule strings from a malicious server (bsc#1052481)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-CAASP-ALL-2017-1429, SUSE-OpenStack-Cloud-6-2017-1429, SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1429, SUSE-SLE-RPI-12-SP2-2017-1429, SUSE-SLE-SAP-12-2017-1429, SUSE-SLE-SAP-12-SP1-2017-1429, SUSE-SLE-SDK-12-SP2-2017-1429, SUSE-SLE-SDK-12-SP3-2017-1429, SUSE-SLE-SERVER-12-2017-1429, SUSE-SLE-SERVER-12-SP1-2017-1429, SUSE-SLE-SERVER-12-SP2-2017-1429, SUSE-SLE-SERVER-12-SP3-2017-1429
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2017/suse-su-20172320-1/
Link for SUSE-SU-2017:2320-1
https://lists.suse.com/pipermail/sle-security-updates/2017-August/003178.html
E-Mail link for SUSE-SU-2017:2320-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1052481
SUSE Bug 1052481
https://www.suse.com/security/cve/CVE-2017-1000117/
SUSE CVE CVE-2017-1000117 page
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE OpenStack Cloud 6
git-core-2.12.3-27.5.1
git-doc-2.12.3-27.5.1
git-2.12.3-27.5.1
git-arch-2.12.3-27.5.1
git-cvs-2.12.3-27.5.1
git-daemon-2.12.3-27.5.1
git-email-2.12.3-27.5.1
git-gui-2.12.3-27.5.1
git-svn-2.12.3-27.5.1
git-web-2.12.3-27.5.1
gitk-2.12.3-27.5.1
git-core-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS
git-doc-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS
git-core-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server 12 SP2
git-doc-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server 12 SP2
git-core-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server 12 SP3
git-core-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server 12-LTSS
git-doc-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server 12-LTSS
git-core-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
git-doc-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
git-core-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
git-doc-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
git-core-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
git-doc-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
git-core-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
git-doc-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
git-core-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3
git-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
git-arch-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
git-core-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
git-cvs-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
git-daemon-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
git-doc-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
git-email-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
git-gui-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
git-svn-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
git-web-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
gitk-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
git-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3
git-arch-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3
git-core-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3
git-cvs-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3
git-daemon-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3
git-doc-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3
git-email-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3
git-gui-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3
git-svn-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3
git-web-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3
gitk-2.12.3-27.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3
git-core-2.12.3-27.5.1 as a component of SUSE OpenStack Cloud 6
git-doc-2.12.3-27.5.1 as a component of SUSE OpenStack Cloud 6
A malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
CVE-2017-1000117
SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.5.1
SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server 12 SP2:git-core-2.12.3-27.5.1
SUSE Linux Enterprise Server 12 SP2:git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server 12 SP3:git-core-2.12.3-27.5.1
SUSE Linux Enterprise Server 12-LTSS:git-core-2.12.3-27.5.1
SUSE Linux Enterprise Server 12-LTSS:git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:git-core-2.12.3-27.5.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-core-2.12.3-27.5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.5.1
SUSE Linux Enterprise Server for SAP Applications 12:git-core-2.12.3-27.5.1
SUSE Linux Enterprise Server for SAP Applications 12:git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:git-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:git-arch-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:git-core-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:git-cvs-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:git-daemon-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:git-email-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:git-gui-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:git-svn-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:git-web-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:gitk-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP3:git-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP3:git-arch-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP3:git-core-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP3:git-cvs-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP3:git-daemon-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP3:git-doc-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP3:git-email-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP3:git-gui-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP3:git-svn-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP3:git-web-2.12.3-27.5.1
SUSE Linux Enterprise Software Development Kit 12 SP3:gitk-2.12.3-27.5.1
SUSE OpenStack Cloud 6:git-core-2.12.3-27.5.1
SUSE OpenStack Cloud 6:git-doc-2.12.3-27.5.1
important
5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
To install this SUSE Security Update, use the SUSE-recommended installation methods such as YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20172320-1/
https://www.suse.com/security/cve/CVE-2017-1000117.html
CVE-2017-1000117
https://bugzilla.suse.com/1052481
SUSE Bug 1052481
https://bugzilla.suse.com/1052696
SUSE Bug 1052696
https://bugzilla.suse.com/1052932
SUSE Bug 1052932
https://bugzilla.suse.com/1053364
SUSE Bug 1053364
https://bugzilla.suse.com/1053600
SUSE Bug 1053600
https://bugzilla.suse.com/1053919
SUSE Bug 1053919
https://bugzilla.suse.com/1054653
SUSE Bug 1054653
https://bugzilla.suse.com/1058214
SUSE Bug 1058214
https://bugzilla.suse.com/1066430
SUSE Bug 1066430
https://bugzilla.suse.com/1071709
SUSE Bug 1071709