Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

openSUSE 2024:0057-1 Critical: Eclipse-JGit File Overwrite

opensuse
Calendar Grey January 8, 2024
Dist Opensuse Esm H88
A recent security patch resolves vulnerabilities related to file overwrites in eclipse-jgit and jsch. Discover why these updates are crucial and the specific measures implemented.
This update for eclipse-jgit, jsch fixes the following issues: Security fix: \- CVE-2023-4759: Fixed an arbitrary file overwrite which might have occurred with a specially crafted ...

Description

This update for eclipse-jgit, jsch fixes the following issues:

Security fix: \- CVE-2023-4759: Fixed an arbitrary file overwrite which might

have occurred with a specially crafted git repository and a case-insensitive

filesystem. (bsc#1215298)

Other fixes: jsch was updated to version 0.2.9: \- Added support for various

algorithms \- Migrated from `com.jcraft:jsch` to `com.github.mwiede:jsch` fork

(bsc#1211955): * Alias to the old artifact since the new one is drop-in

replacement * Keep the old OSGi bundle symbolic name to avoid extensive patching

of eclipse stack \- Updated to version 0.2.9: * For the full list of changes

please consult the upstream changelogs below for each version updated: \+

https://github.com/mwiede/jsch/releases/tag/jsch-0.2.9 \+

https://github.com/mwiede/jsch/releases/tag/jsch-0.2.8 \+

https://github.com/mwiede/jsch/releases/tag/jsch-0.2.7 \+

https://github.com/mwiede/jsch/releases/tag/jsch-0.2.6 \+

https://github.com/mwiede/jsch/releases/tag/jsch-0.2.5 \+

htt...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory software update arbitrary file overwrite SUSE Linux Enterprise eclipse-jgit

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4

zypper in -t patch openSUSE-SLE-15.4-2024-57=1

* openSUSE Leap 15.5

zypper in -t patch openSUSE-SLE-15.5-2024-57=1

* Development Tools Module 15-SP4

zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2024-57=1

* Development Tools Module 15-SP5

zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-57=1

* SUSE Manager Server 4.3 Module 4.3

zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-57=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2

zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-57=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3

zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2024-57=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3

zypper in -t patch...

Read the Full Advisory

Package List

* openSUSE Leap 15.4 (noarch)

* jsch-demo-0.2.9-150200.11.10.1

* jsch-javadoc-0.2.9-150200.11.10.1

* jgit-javadoc-5.11.0-150200.3.15.2

* eclipse-jgit-5.11.0-150200.3.15.2

* jgit-5.11.0-150200.3.15.2

* jsch-0.2.9-150200.11.10.1

* openSUSE Leap 15.5 (noarch)

* eclipse-jgit-5.11.0-150200.3.15.2

* jsch-demo-0.2.9-150200.11.10.1

* jsch-javadoc-0.2.9-150200.11.10.1

* jsch-0.2.9-150200.11.10.1

* Development Tools Module 15-SP4 (noarch)

* jsch-0.2.9-150200.11.10.1

* Development Tools Module 15-SP5 (noarch)

* jsch-0.2.9-150200.11.10.1

* SUSE Manager Server 4.3 Module 4.3 (noarch)

* jsch-0.2.9-150200.11.10.1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)

* jsch-0.2.9-150200.11.10.1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)

* jsch-0.2.9-150200.11.10.1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)

* jsch-0.2.9-150200.11.10.1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)

* jsch-0.2.9-150200.11.10.1

* SUSE Linux Enterprise...

Read the Full Advisory

References

* bsc#1209646

* bsc#1211955

* bsc#1215298

* jsc#PED-6376

* jsc#PED-6377

## References:

* https://www.suse.com/security/cve/CVE-2023-4759.html

* https://bugzilla.suse.com/show_bug.cgi?id=1209646

* https://bugzilla.suse.com/show_bug.cgi?id=1211955

* https://bugzilla.suse.com/show_bug.cgi?id=1215298

*

*

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:0057-1
Rating: important

Topics%20covered

Topics Covered

security advisory software update arbitrary file overwrite SUSE Linux Enterprise eclipse-jgit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here