openSUSE Leap 42.3 Security Update 2018:3519-1 Moderate: libgit2 DoS

This update for libgit2 fixes the following issues:

- CVE-2018-8099: Fixed possible denial of service attack via different

vectors by not being able to differentiate between these status codes

(bsc#1085256).

- CVE-2018-11235: With a crafted .gitmodules file, a malicious project can

execute an arbitrary script on a machine that runs "git clone

--recurse-submodules" because submodule "names" are obtained from this

file, and then appended to $GIT_DIR/modules, leading to directory

traversal with "../" in a name. Finally, post-checkout hooks from a

submodule are executed, bypassing the intended design in which hooks are

not obtained from a remote server. (bsc#1095219)

- CVE-2018-10887: It has been discovered that an unexpected sign extension

in git_delta_apply function in delta.c file may have lead to an integer

overflow which in turn leads to an out of bound read, allowing to read

before the base object. An attacker...