Security update for git SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:3150-1 Final 1 1 2018-10-15T12:58:01Z current 2018-10-15T12:58:01Z 2018-10-15T12:58:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for git This update for git fixes the following issues: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Basesystem-15-2018-2232,SUSE-SLE-Module-Development-Tools-15-2018-2232 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20183150-1/ Link for SUSE-SU-2018:3150-1 https://lists.suse.com/pipermail/sle-security-updates/2018-October/004671.html E-Mail link for SUSE-SU-2018:3150-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1110949 SUSE Bug 1110949 https://www.suse.com/security/cve/CVE-2018-17456/ SUSE CVE CVE-2018-17456 page SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Development Tools 15 git-core-2.16.4-3.6.1 git-2.16.4-3.6.1 git-arch-2.16.4-3.6.1 git-cvs-2.16.4-3.6.1 git-daemon-2.16.4-3.6.1 git-doc-2.16.4-3.6.1 git-email-2.16.4-3.6.1 git-gui-2.16.4-3.6.1 git-svn-2.16.4-3.6.1 git-web-2.16.4-3.6.1 gitk-2.16.4-3.6.1 git-core-2.16.4-3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 git-2.16.4-3.6.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 git-arch-2.16.4-3.6.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 git-cvs-2.16.4-3.6.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 git-daemon-2.16.4-3.6.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 git-doc-2.16.4-3.6.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 git-email-2.16.4-3.6.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 git-gui-2.16.4-3.6.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 git-svn-2.16.4-3.6.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 git-web-2.16.4-3.6.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 gitk-2.16.4-3.6.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. CVE-2018-17456 SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.6.1 SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.6.1 SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.6.1 SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.6.1 SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.6.1 SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.6.1 SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.6.1 SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.6.1 SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.6.1 SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.6.1 SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183150-1/ https://www.suse.com/security/cve/CVE-2018-17456.html CVE-2018-17456 https://bugzilla.suse.com/1110949 SUSE Bug 1110949