SUSE-SU-2013:0520-1: moderate: Security update for git

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Mar 22 10:04:29 MDT 2013


   SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0520-1
Rating:             moderate
References:         #803874 #804730 
Cross-References:   CVE-2013-0308
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available. It includes one version update.

Description:


   git has been updated to fix a security issue and one bug:

   * CVE-2013-0308: git imap-send did not verify the SSL
   host certificate, allowing man in the middle attacks. This
   has been fixed.
   * The git-web frontend did not work after the last git
   update when AppArmor was active. The file path was adjusted
   so that this works again.

   Security Issue reference:

   * CVE-2013-0308
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0308
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-git-7398

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.7.12.4]:

      git-1.7.12.4-0.5.1
      git-arch-1.7.12.4-0.5.1
      git-core-1.7.12.4-0.5.1
      git-cvs-1.7.12.4-0.5.1
      git-daemon-1.7.12.4-0.5.1
      git-email-1.7.12.4-0.5.1
      git-gui-1.7.12.4-0.5.1
      git-svn-1.7.12.4-0.5.1
      git-web-1.7.12.4-0.5.1
      gitk-1.7.12.4-0.5.1


References:

   http://support.novell.com/security/cve/CVE-2013-0308.html
   https://bugzilla.novell.com/803874
   https://bugzilla.novell.com/804730
   http://download.novell.com/patch/finder/?keywords=d38f0c60ef50e644dcd202cc30fa4bd3



More information about the sle-security-updates mailing list