Mailinglist Archive: opensuse-updates (64 mails)
openSUSE-SU-2015:1096-1: moderate: Security update for cgit
- From: opensuse-security@xxxxxxxxxxxx
- Date: Mon, 22 Jun 2015 14:06:39 +0200 (CEST)
- Message-id: <20150622120639.E6EA631FFD@maintenance.suse.de>
openSUSE Security Update: Security update for cgit
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:1096-1
Rating: moderate
References: #910756
Cross-References: CVE-2014-9390
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:

The git web frontend cgit was updated to 0.11.2 to fix security issues and
bugs.

The following vulnerabilities were fixed:
* CVE-2014-9390: arbitrary command execution vulnerability on
  case-insensitive file systems in git. Malicious commits could affect
  client users on all platforms using case-insensitive file systems when
  using vulnerable git versions.

In addition, cgit was updated to 0.11.2 with minor improvements and bug
fixes.

The embedded git version was updated to 2.4.3.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:
  zypper in -t patch openSUSE-2015-436=1
- openSUSE 13.1:
  zypper in -t patch openSUSE-2015-436=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (i586 x86_64):
  cgit-0.11.2-13.3.1
  cgit-debuginfo-0.11.2-13.3.1
  cgit-debugsource-0.11.2-13.3.1
- openSUSE 13.1 (i586 x86_64):
  cgit-0.11.2-11.3.1
  cgit-debuginfo-0.11.2-11.3.1
  cgit-debugsource-0.11.2-11.3.1

References:

https://www.suse.com/security/cve/CVE-2014-9390.html
https://bugzilla.suse.com/910756