Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 495
Alerts This Week
Warning Icon 1 495

SUSE Linux Enterprise: 2018:3440-1 Moderate: libgit2 Denial Of Service

suse
Calendar Grey October 25, 2018
Dist Suse Esm H88
SUSE has released a security update for libgit2, targeting significant vulnerabilities that may impact system integrity and protection, categorized under a moderate advisory.
An update that fixes 5 vulnerabilities is now available

Summary

This update for libgit2 fixes the following issues: - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes (bsc#1085256). - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. (bsc#1095219) - CVE-2018-10887: It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may have lead to an integer

References

#1085256 #1095219 #1100612 #1100613 #1104641

Cross- CVE-2018-10887 CVE-2018-10888 CVE-2018-11235

CVE-2018-15501 CVE-2018-8099

Affected Products:

SUSE Manager Server 3.2

SUSE Manager Server 3.1

SUSE Linux Enterprise Software Development Kit 12-SP3

https://www.suse.com/security/cve/CVE-2018-10887.html

https://www.suse.com/security/cve/CVE-2018-10888.html

https://www.suse.com/security/cve/CVE-2018-11235.html

https://www.suse.com/security/cve/CVE-2018-15501.html

https://www.suse.com/security/cve/CVE-2018-8099.html

https://bugzilla.suse.com/1085256

https://bugzilla.suse.com/1095219

https://bugzilla.suse.com/1100612

https://bugzilla.suse.com/1100613

https://bugzilla.suse.com/1104641

Announcement ID: SUSE-SU-2018:3440-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.