
Security: Multiple issues in git
Name: Multiple issues in git
ID: SUSE-SU-2020:0045-1
Distribution: SUSE
Platforms: SUSE Linux Enterprise Module for Basesystem 15, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP1, SUSE Linux Enterprise Module for Development Tools 15-SP1
Date: Wed, 8 January 2020, 18:50
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1354
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1352
Applications: Git

Original message


SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0045-1
Rating: important
References: #1082023 #1149792 #1158785 #1158787 #1158788
#1158789 #1158790 #1158791 #1158792 #1158793
#1158795
Cross-References: CVE-2019-1348 CVE-2019-1349 CVE-2019-1350
CVE-2019-1351 CVE-2019-1352 CVE-2019-1353
CVE-2019-1354 CVE-2019-1387 CVE-2019-19604

Affected Products:
SUSE Linux Enterprise Module for Open Buildservice
Development Tools 15-SP1
SUSE Linux Enterprise Module for Open Buildservice
Development Tools 15
SUSE Linux Enterprise Module for Development Tools 15-SP1
SUSE Linux Enterprise Module for Development Tools 15
SUSE Linux Enterprise Module for Basesystem 15-SP1
SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that solves 9 vulnerabilities and has two fixes
is now available.

Description:

This update for git fixes the following issues:

Security issues fixed:

- CVE-2019-1349: Fixed an issue on Windows where, when submodules are
cloned recursively, Git could under certain circumstances be fooled into
using the same Git directory twice (bsc#1158787).
- CVE-2019-19604: Fixed an issue where a recursive clone followed by a
submodule update could execute code contained within the repository
without the user explicitly having asked for that (bsc#1158795).
- CVE-2019-1387: Fixed a vulnerability in recursive clones caused by
too-lax validation of submodule names, allowing very targeted attacks via
remote code execution in recursive clones (bsc#1158793).
- CVE-2019-1354: On Windows, Git now refuses to write tracked files with
filenames that contain backslashes (bsc#1158792).
- CVE-2019-1353: Fixed an issue where, when Git was run in the Windows
Subsystem for Linux while accessing a working directory on a regular
Windows drive, none of the NTFS protections were active (bsc#1158791).
- CVE-2019-1352: Fixed an issue where Git on Windows was unaware of NTFS
Alternate Data Streams (bsc#1158790).
- CVE-2019-1351: Fixed an issue where Git on Windows mistook drive letters
outside of the US-English alphabet for relative paths (bsc#1158789).
- CVE-2019-1350: Fixed incorrect quoting of command-line arguments that
allowed remote code execution during a recursive clone in conjunction
with SSH URLs (bsc#1158788).
- CVE-2019-1348: Fixed an issue where the --export-marks option of
fast-import is also exposed via the in-stream command feature
export-marks=... and allows overwriting arbitrary paths (bsc#1158785).
- Fixed an issue where git send-email failed to authenticate with the SMTP
server (bsc#1082023).

Bug fixes:

- Add zlib dependency, which used to be provided by openssl-devel, so that
the package compiles successfully after the openssl upgrade to 1.1.1
(bsc#1149792).


Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1:

zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-45=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-45=1

- SUSE Linux Enterprise Module for Development Tools 15-SP1:

zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-45=1

- SUSE Linux Enterprise Module for Development Tools 15:

zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2020-45=1

- SUSE Linux Enterprise Module for Basesystem 15-SP1:

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-45=1

- SUSE Linux Enterprise Module for Basesystem 15:

zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-45=1



Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1 (aarch64 ppc64le s390x x86_64):

git-credential-gnome-keyring-2.16.4-3.17.2
git-credential-gnome-keyring-debuginfo-2.16.4-3.17.2
git-credential-libsecret-2.16.4-3.17.2
git-credential-libsecret-debuginfo-2.16.4-3.17.2
git-debuginfo-2.16.4-3.17.2
git-debugsource-2.16.4-3.17.2
git-p4-2.16.4-3.17.2

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
(aarch64 ppc64le s390x x86_64):

git-credential-gnome-keyring-2.16.4-3.17.2
git-credential-gnome-keyring-debuginfo-2.16.4-3.17.2
git-credential-libsecret-2.16.4-3.17.2
git-credential-libsecret-debuginfo-2.16.4-3.17.2
git-debuginfo-2.16.4-3.17.2
git-debugsource-2.16.4-3.17.2
git-p4-2.16.4-3.17.2

- SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le
s390x x86_64):

git-2.16.4-3.17.2
git-arch-2.16.4-3.17.2
git-cvs-2.16.4-3.17.2
git-daemon-2.16.4-3.17.2
git-daemon-debuginfo-2.16.4-3.17.2
git-debuginfo-2.16.4-3.17.2
git-debugsource-2.16.4-3.17.2
git-email-2.16.4-3.17.2
git-gui-2.16.4-3.17.2
git-svn-2.16.4-3.17.2
git-svn-debuginfo-2.16.4-3.17.2
git-web-2.16.4-3.17.2
gitk-2.16.4-3.17.2

- SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):

git-doc-2.16.4-3.17.2
perl-Authen-SASL-2.16-1.3.1
perl-Net-SMTP-SSL-1.04-1.3.1

- SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le
s390x x86_64):

git-2.16.4-3.17.2
git-arch-2.16.4-3.17.2
git-cvs-2.16.4-3.17.2
git-daemon-2.16.4-3.17.2
git-daemon-debuginfo-2.16.4-3.17.2
git-debuginfo-2.16.4-3.17.2
git-debugsource-2.16.4-3.17.2
git-email-2.16.4-3.17.2
git-gui-2.16.4-3.17.2
git-svn-2.16.4-3.17.2
git-svn-debuginfo-2.16.4-3.17.2
git-web-2.16.4-3.17.2
gitk-2.16.4-3.17.2

- SUSE Linux Enterprise Module for Development Tools 15 (noarch):

git-doc-2.16.4-3.17.2
perl-Authen-SASL-2.16-1.3.1
perl-Net-SMTP-SSL-1.04-1.3.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x
x86_64):

git-core-2.16.4-3.17.2
git-core-debuginfo-2.16.4-3.17.2
git-debuginfo-2.16.4-3.17.2
git-debugsource-2.16.4-3.17.2

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x
x86_64):

git-core-2.16.4-3.17.2
git-core-debuginfo-2.16.4-3.17.2
git-debuginfo-2.16.4-3.17.2
git-debugsource-2.16.4-3.17.2
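
A check for whether a host still carries git packages older than the fixed build 2.16.4-3.17.2 listed above. This is an added example, not part of the SUSE announcement; the function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="2.16.4-3.17.2"

# ver_lt A B: succeeds when A sorts strictly before B.
# GNU `sort -V` compares digit runs numerically, which matches RPM ordering
# for purely numeric version-release strings like the ones in this advisory
# (a plain string compare would rank 3.9.1 above 3.17.2).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched_git: reads "name version-release" lines on stdin and prints
# every git package that is still below the fixed build.
unpatched_git() {
    while read -r name vr; do
        case "$name" in
            git|git-*|gitk) ;;      # packages shipped by this update
            *) continue ;;          # anything else is out of scope
        esac
        if ver_lt "$vr" "$FIXED"; then
            printf '%s %s\n' "$name" "$vr"
        fi
    done
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
git-core 2.16.4-3.14.1
git 2.16.4-3.17.2
gitk 2.16.4-3.9.1
zlib 1.2.11-3.21.1
git-email 2.16.4-3.20.1
EOF
}

# On a real system, feed the RPM database instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | unpatched_git
sample_inventory | unpatched_git
```

Any line printed names a package that still needs the update; empty output means every installed git package is at or above the fixed build.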


References:

https://www.suse.com/security/cve/CVE-2019-1348.html
https://www.suse.com/security/cve/CVE-2019-1349.html
https://www.suse.com/security/cve/CVE-2019-1350.html
https://www.suse.com/security/cve/CVE-2019-1351.html
https://www.suse.com/security/cve/CVE-2019-1352.html
https://www.suse.com/security/cve/CVE-2019-1353.html
https://www.suse.com/security/cve/CVE-2019-1354.html
https://www.suse.com/security/cve/CVE-2019-1387.html
https://www.suse.com/security/cve/CVE-2019-19604.html
https://bugzilla.suse.com/1082023
https://bugzilla.suse.com/1149792
https://bugzilla.suse.com/1158785
https://bugzilla.suse.com/1158787
https://bugzilla.suse.com/1158788
https://bugzilla.suse.com/1158789
https://bugzilla.suse.com/1158790
https://bugzilla.suse.com/1158791
https://bugzilla.suse.com/1158792
https://bugzilla.suse.com/1158793
https://bugzilla.suse.com/1158795

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates