Mailinglist Archive: opensuse-updates (61 mails)

openSUSE-SU-2015:0673-1: moderate: Security update for libgit2
openSUSE Security Update: Security update for libgit2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:0673-1
Rating: moderate
References: #925040
Cross-References: CVE-2014-9390
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

libgit2 was updated to fix an arbitrary command execution vulnerability on
case-insensitive file systems.

The following vulnerability was fixed:

* When programs using libgit2 operated on case-insensitive filesystems,
.git/config could be overwritten, which allowed execution of arbitrary
commands (boo#925040, CVE-2014-9390).

The configuration is uncommon as all default file systems on openSUSE are
case sensitive.

Additionally, on openSUSE 13.2 libgit2 was updated to version 0.21.5 to
backport further critical fixes.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-288=1

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-288=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

libgit2-21-0.21.5-2.3.1
libgit2-21-debuginfo-0.21.5-2.3.1
libgit2-debugsource-0.21.5-2.3.1
libgit2-devel-0.21.5-2.3.1

- openSUSE 13.1 (i586 x86_64):

libgit2-0-0.19.0-2.3.1
libgit2-0-debuginfo-0.19.0-2.3.1
libgit2-debugsource-0.19.0-2.3.1
libgit2-devel-0.19.0-2.3.1


References:

https://www.suse.com/security/cve/CVE-2014-9390.html
https://bugzilla.suse.com/925040

