Oval Definition:oval:org.opensuse.security:def:201715041
Revision Date:2023-06-22Version:1
Title:CVE-2017-15041
Description:

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get."
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2017-15041
SUSE CVE-2017-15041
Platform(s):openSUSE Tumbleweed
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Development Tools 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • go-1.17-1.1 is installed
  • OR go-doc-1.17-1.1 is installed
  • OR go-race-1.17-1.1 is installed
  • OR go1.10-1.10.8-8.2 is installed
  • OR go1.10-doc-1.10.8-8.2 is installed
  • OR go1.10-race-1.10.8-8.2 is installed
  • OR go1.11-1.11.13-10.5 is installed
  • OR go1.11-doc-1.11.13-10.5 is installed
  • OR go1.11-race-1.11.13-10.5 is installed
  • OR go1.12-1.12.17-4.8 is installed
  • OR go1.12-doc-1.12.17-4.8 is installed
  • OR go1.12-race-1.12.17-4.8 is installed
  • OR go1.4-1.4.3-12.2 is installed
  • OR go1.4-doc-1.4.3-12.2 is installed
  • OR go1.4-race-1.4.3-12.2 is installed
  • OR go1.9-1.9.7-11.2 is installed
  • OR go1.9-doc-1.9.7-11.2 is installed
  • OR go1.9-race-1.9.7-11.2 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Development Tools 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND go-1.19-150000.3.26.1 is installed
    • BACK