SUSE-SU-2017:1357-1: moderate: Security update for git

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri May 19 07:11:30 MDT 2017


   SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1357-1
Rating:             moderate
References:         #1038395 
Cross-References:   CVE-2017-8386
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:


   This update for git fixes the following issues:

   - git 2.12.3:
    * CVE-2017-8386: Fix git-shell not to escape with the starting dash name
      (bsc#1038395)
    * Fix for potential segv introduced in v2.11.0 and later
    * Misc fixes and cleanups.
   - git 2.12.2:
     * CLI output fixes
     * "Dump http" transport fixes
     * various fixes for internal code paths
     * Trailer "Cc:" RFC fix
   - git 2.12.1:
     * Reduce authentication round-trip over HTTP when the server supports
       just a single authentication method.
     * "git add -i" patch subcommand fixed to have a path selection
     * various path verification fixes
     * fix "git log -L..." buffer overrun


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-830=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-830=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-830=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-830=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-830=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-830=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      git-2.12.3-26.1
      git-arch-2.12.3-26.1
      git-core-2.12.3-26.1
      git-core-debuginfo-2.12.3-26.1
      git-cvs-2.12.3-26.1
      git-daemon-2.12.3-26.1
      git-daemon-debuginfo-2.12.3-26.1
      git-debugsource-2.12.3-26.1
      git-email-2.12.3-26.1
      git-gui-2.12.3-26.1
      git-svn-2.12.3-26.1
      git-svn-debuginfo-2.12.3-26.1
      git-web-2.12.3-26.1
      gitk-2.12.3-26.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):

      git-doc-2.12.3-26.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      git-2.12.3-26.1
      git-arch-2.12.3-26.1
      git-core-2.12.3-26.1
      git-core-debuginfo-2.12.3-26.1
      git-cvs-2.12.3-26.1
      git-daemon-2.12.3-26.1
      git-daemon-debuginfo-2.12.3-26.1
      git-debugsource-2.12.3-26.1
      git-email-2.12.3-26.1
      git-gui-2.12.3-26.1
      git-svn-2.12.3-26.1
      git-svn-debuginfo-2.12.3-26.1
      git-web-2.12.3-26.1
      gitk-2.12.3-26.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):

      git-doc-2.12.3-26.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      git-core-2.12.3-26.1
      git-core-debuginfo-2.12.3-26.1
      git-debugsource-2.12.3-26.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      git-doc-2.12.3-26.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      git-core-2.12.3-26.1
      git-core-debuginfo-2.12.3-26.1
      git-debugsource-2.12.3-26.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      git-doc-2.12.3-26.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      git-core-2.12.3-26.1
      git-core-debuginfo-2.12.3-26.1
      git-debugsource-2.12.3-26.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      git-doc-2.12.3-26.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      git-core-2.12.3-26.1
      git-core-debuginfo-2.12.3-26.1
      git-debugsource-2.12.3-26.1


References:

   https://www.suse.com/security/cve/CVE-2017-8386.html
   https://bugzilla.suse.com/1038395



More information about the sle-security-updates mailing list