Mailinglist Archive: opensuse-updates (64 mails)

openSUSE-SU-2015:1096-1: moderate: Security update for cgit
openSUSE Security Update: Security update for cgit
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:1096-1
Rating: moderate
References: #910756
Cross-References: CVE-2014-9390
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

The git web frontend cgit was updated to 0.11.2 to fix security issues and
bugs.

The following vulnerabilities were fixed:

* CVE-2014-9390: arbitrary command execution vulnerability on
case-insensitive file systems in git. Malicious commits could affect
client users on all platforms using case-insensitive file systems when
using vulnerable git versions.

In addition, cgit was updated to 0.11.2 with minor improvements and bug
fixes.

The embedded git version was updated to 2.4.3.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-436=1

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-436=1

To bring your system up to date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

cgit-0.11.2-13.3.1
cgit-debuginfo-0.11.2-13.3.1
cgit-debugsource-0.11.2-13.3.1

- openSUSE 13.1 (i586 x86_64):

cgit-0.11.2-11.3.1
cgit-debuginfo-0.11.2-11.3.1
cgit-debugsource-0.11.2-11.3.1


References:

https://www.suse.com/security/cve/CVE-2014-9390.html
https://bugzilla.suse.com/910756

