Recommended update for git SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:2325-1 Final 1 1 2015-12-19T11:23:00Z current 2015-12-19T11:23:00Z 2015-12-19T11:23:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for git The git package was updated to fix the following security issue: - CVE-2015-7545: Fix remote code execution with recursive fetch of submodules (bsc#948969). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-SDK-12-SP1-2015-857,SUSE-SLE-SERVER-12-SP1-2015-857 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20152325-1/ Link for SUSE-SU-2015:2325-1 https://lists.suse.com/pipermail/sle-security-updates/2015-December/001744.html E-Mail link for SUSE-SU-2015:2325-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/948969 SUSE Bug 948969 https://www.suse.com/security/cve/CVE-2015-7545/ SUSE CVE CVE-2015-7545 page SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 git-1.8.5.6-15.1 git-arch-1.8.5.6-15.1 git-core-1.8.5.6-15.1 git-cvs-1.8.5.6-15.1 git-daemon-1.8.5.6-15.1 git-email-1.8.5.6-15.1 git-gui-1.8.5.6-15.1 git-svn-1.8.5.6-15.1 git-web-1.8.5.6-15.1 gitk-1.8.5.6-15.1 git-core-1.8.5.6-15.1 as a component of SUSE Linux Enterprise Server 12 SP1 git-core-1.8.5.6-15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 git-1.8.5.6-15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 git-arch-1.8.5.6-15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 git-core-1.8.5.6-15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 git-cvs-1.8.5.6-15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 git-daemon-1.8.5.6-15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 git-email-1.8.5.6-15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 git-gui-1.8.5.6-15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 git-svn-1.8.5.6-15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 git-web-1.8.5.6-15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 gitk-1.8.5.6-15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. CVE-2015-7545 SUSE Linux Enterprise Server 12 SP1:git-core-1.8.5.6-15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:git-core-1.8.5.6-15.1 SUSE Linux Enterprise Software Development Kit 12 SP1:git-1.8.5.6-15.1 SUSE Linux Enterprise Software Development Kit 12 SP1:git-arch-1.8.5.6-15.1 SUSE Linux Enterprise Software Development Kit 12 SP1:git-core-1.8.5.6-15.1 SUSE Linux Enterprise Software Development Kit 12 SP1:git-cvs-1.8.5.6-15.1 SUSE Linux Enterprise Software Development Kit 12 SP1:git-daemon-1.8.5.6-15.1 SUSE Linux Enterprise Software Development Kit 12 SP1:git-email-1.8.5.6-15.1 SUSE Linux Enterprise Software Development Kit 12 SP1:git-gui-1.8.5.6-15.1 SUSE Linux Enterprise Software Development Kit 12 SP1:git-svn-1.8.5.6-15.1 SUSE Linux Enterprise Software Development Kit 12 SP1:git-web-1.8.5.6-15.1 SUSE Linux Enterprise Software Development Kit 12 SP1:gitk-1.8.5.6-15.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152325-1/ https://www.suse.com/security/cve/CVE-2015-7545.html CVE-2015-7545 https://bugzilla.suse.com/948969 SUSE Bug 948969 https://bugzilla.suse.com/973177 SUSE Bug 973177 https://bugzilla.suse.com/978391 SUSE Bug 978391