openSUSE Security Update : git (openSUSE-2017-624)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for git fixes the following issues :

- git 2.12.3 :

- CVE-2017-8386: Fix git-shell not to escape with the
starting dash name (bsc#1038395)

- Fix for potential segv introduced in v2.11.0 and later

- Misc fixes and cleanups.

- git 2.12.2 :

- CLI output fixes

- 'Dump http' transport fixes

- various fixes for internal code paths

- Trailer 'Cc:' RFC fix

- git 2.12.1 :

- Reduce authentication round-trip over HTTP when the
server supports just a single authentication method.

- 'git add -i' patch subcommand fixed to have a path
selection

- various path verification fixes

- fix 'git log -L...' buffer overrun

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1038395

Solution :

Update the affected git packages.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 100500 ()

Bugtraq ID:

CVE ID: CVE-2017-8386

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now