openSUSE-SU-2015:0673-1: moderate: Security update for libgit2

   openSUSE Security Update: Security update for libgit2
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:0673-1
Rating:             moderate
References:         #925040
Cross-References:   CVE-2014-9390
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   libgit2 was updated to fix an arbitrary command execution vulnerability
   on case-insensitive file systems.

   The following vulnerability was fixed:

   * When using programs using libgit2 on case-insensitive filesystems,
     .git/config could be overwritten, which allowed execution of
     arbitrary commands (boo#925040, CVE-2014-9390).

   The configuration is uncommon as all default file systems on openSUSE
   are case sensitive.

   Additionally, on openSUSE 13.2 libgit2 was updated to version 0.21.5 to
   backport further critical fixes.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2015-288=1

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2015-288=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 13.2 (i586 x86_64):

      libgit2-21-0.21.5-2.3.1
      libgit2-21-debuginfo-0.21.5-2.3.1
      libgit2-debugsource-0.21.5-2.3.1
      libgit2-devel-0.21.5-2.3.1

   - openSUSE 13.1 (i586 x86_64):

      libgit2-0-0.19.0-2.3.1
      libgit2-0-debuginfo-0.19.0-2.3.1
      libgit2-debugsource-0.19.0-2.3.1
      libgit2-devel-0.19.0-2.3.1

References:

   https://www.suse.com/security/cve/CVE-2014-9390.html
   https://bugzilla.suse.com/925040
opensuse-security@opensuse.org
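
The check below is an added example, not code from libgit2 or from this advisory: it shows how a program that writes repository paths to disk can reject any path whose component would resolve to ".git" on a case-insensitive file system, the condition described above. The function names and sample paths are assumptions made for illustration, and only ASCII case folding is handled.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Returns 1 if the component [s, s+len) equals ".git" ignoring ASCII case. */
static int component_is_dotgit(const char *s, size_t len)
{
    static const char dotgit[] = ".git";
    size_t i;

    if (len != sizeof(dotgit) - 1)
        return 0;
    for (i = 0; i < len; i++)
        if (tolower((unsigned char)s[i]) != dotgit[i])
            return 0;
    return 1;
}

/*
 * Hypothetical helper: returns 1 if a '/'-separated repository-relative
 * path is safe to write with respect to this issue, 0 if any component
 * would land in ".git" on a case-insensitive file system.
 */
int path_is_safe(const char *path)
{
    const char *start = path, *p = path;

    for (;; p++) {
        if (*p == '/' || *p == '\0') {
            if (component_is_dotgit(start, (size_t)(p - start)))
                return 0;
            if (*p == '\0')
                return 1;
            start = p + 1;
        }
    }
}

int main(void)
{
    /* Constructed sample paths, not taken from a real repository. */
    static const char *samples[] = {
        "src/main.c", ".gitignore", ".Git/config", "docs/.GIT/hooks/x", "a.git/config"
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-20s %s\n", samples[i], path_is_safe(samples[i]) ? "ok" : "REJECT");
    return 0;
}
```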