Bug 1095218 (CVE-2018-11233) - VUL-0: git: CVE-2018-11233: git: path sanity-checks on NTFS can read arbitrary memory
Summary: VUL-0: git: CVE-2018-11233: git: path sanity-checks on NTFS can read arbitrar...
Status: RESOLVED FIXED
Alias: CVE-2018-11233
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/206664/
Whiteboard: CVSSv2:NVD:CVE-2018-11233:5.0:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-05-30 13:31 UTC by Victor Pereira
Modified: 2020-05-01 22:26 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2018-05-30 13:31:42 UTC
rh#1583888

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before
2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can
result in reading out-of-bounds memory.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1583888
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11233
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11233.html
https://marc.info/?l=git&m=152761328506724&w=2
https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster-ct.c.googlers.com/
Comment 1 Takashi Iwai 2018-05-30 14:46:07 UTC
FACTORY was already updated to 2.17.1.

SLE15 / Leap 15.0 will be fixed via the update to 2.16.4. MR#165936
Leap 42.3 will be fixed via the update to 2.13.7.  MR#613089

SLE12 and older need manual backports.  Working on them.
Comment 3 Swamp Workflow Management 2018-05-30 15:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1095218) was mentioned in
https://build.opensuse.org/request/show/613089 42.3 / git
https://build.opensuse.org/request/show/613093 Factory / git
Comment 4 Takashi Iwai 2018-05-30 15:49:21 UTC
SLE12 -> MR#165944
Comment 6 Swamp Workflow Management 2018-05-30 17:10:06 UTC
This is an autogenerated message for OBS integration:
This bug (1095218) was mentioned in
https://build.opensuse.org/request/show/613100 15.0 / git
Comment 7 Swamp Workflow Management 2018-06-06 01:07:17 UTC
openSUSE-SU-2018:1553-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1095218,1095219
CVE References: CVE-2018-11233,CVE-2018-11235
Sources used:
openSUSE Leap 42.3 (src):    git-2.13.7-13.1
openSUSE Leap 15.0 (src):    git-2.16.4-lp150.2.3.1
Comment 8 Swamp Workflow Management 2018-06-07 13:08:41 UTC
SUSE-SU-2018:1566-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1095218,1095219
CVE References: CVE-2018-11233,CVE-2018-11235
Sources used:
SUSE OpenStack Cloud 8 (src):    git-2.12.3-27.14.1
SUSE OpenStack Cloud 7 (src):    git-2.12.3-27.14.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    git-2.12.3-27.14.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    git-2.12.3-27.14.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    git-2.12.3-27.14.1
SUSE Linux Enterprise Server 12-SP3 (src):    git-2.12.3-27.14.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    git-2.12.3-27.14.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    git-2.12.3-27.14.1
SUSE Linux Enterprise Server 12-LTSS (src):    git-2.12.3-27.14.1
SUSE Enterprise Storage 4 (src):    git-2.12.3-27.14.1
SUSE CaaS Platform ALL (src):    git-2.12.3-27.14.1
OpenStack Cloud Magnum Orchestration 7 (src):    git-2.12.3-27.14.1
HPE Helion OpenStack 8 (src):    git-2.12.3-27.14.1
Comment 9 Takashi Iwai 2018-06-07 14:37:43 UTC
For SLE11 and older, it's very tough to backport these fixes, as the code base has been changed too much.

So I concluded that it's rather too risky to backport them forcibly, and leave them.

Back to security team.
Comment 10 Johannes Segitz 2018-10-10 13:04:41 UTC
SUSE will not provide a fix for older products for this issue since the risk to our customers posed by this is negligible.
Comment 11 Swamp Workflow Management 2018-10-18 17:06:22 UTC
SUSE-SU-2018:1566-2: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1095218,1095219
CVE References: CVE-2018-11233,CVE-2018-11235
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    git-2.12.3-27.14.1
Comment 19 Swamp Workflow Management 2020-04-28 10:35:59 UTC
SUSE-SU-2020:1121-1: An update that solves 15 vulnerabilities and has 8 fixes is now available.

Category: security (moderate)
Bug References: 1063412,1095218,1095219,1110949,1112230,1114225,1132350,1149792,1156651,1158785,1158787,1158788,1158789,1158790,1158791,1158792,1158793,1158795,1167890,1168930,1169605,1169786,1169936
CVE References: CVE-2017-15298,CVE-2018-11233,CVE-2018-11235,CVE-2018-17456,CVE-2019-1348,CVE-2019-1349,CVE-2019-1350,CVE-2019-1351,CVE-2019-1352,CVE-2019-1353,CVE-2019-1354,CVE-2019-1387,CVE-2019-19604,CVE-2020-11008,CVE-2020-5260
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    git-2.26.1-3.25.2
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    git-2.26.1-3.25.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    git-2.26.1-3.25.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Swamp Workflow Management 2020-05-01 22:26:57 UTC
openSUSE-SU-2020:0598-1: An update that solves 15 vulnerabilities and has 8 fixes is now available.

Category: security (moderate)
Bug References: 1063412,1095218,1095219,1110949,1112230,1114225,1132350,1149792,1156651,1158785,1158787,1158788,1158789,1158790,1158791,1158792,1158793,1158795,1167890,1168930,1169605,1169786,1169936
CVE References: CVE-2017-15298,CVE-2018-11233,CVE-2018-11235,CVE-2018-17456,CVE-2019-1348,CVE-2019-1349,CVE-2019-1350,CVE-2019-1351,CVE-2019-1352,CVE-2019-1353,CVE-2019-1354,CVE-2019-1387,CVE-2019-19604,CVE-2020-11008,CVE-2020-5260
Sources used:
openSUSE Leap 15.1 (src):    git-2.26.1-lp151.4.9.1