Explore top 10 tips to secure your open-source projects now. Read More
×
This update for libgit2 fixes the following issues: - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes (bsc#1085256). - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. (bsc#1095219) - CVE-2018-10887: It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may have lead to an integer
#1085256 #1095219 #1100612 #1100613 #1104641
Cross- CVE-2018-10887 CVE-2018-10888 CVE-2018-11235
CVE-2018-15501 CVE-2018-8099
Affected Products:
SUSE Manager Server 3.2
SUSE Manager Server 3.1
SUSE Linux Enterprise Software Development Kit 12-SP3
https://www.suse.com/security/cve/CVE-2018-10887.html
https://www.suse.com/security/cve/CVE-2018-10888.html
https://www.suse.com/security/cve/CVE-2018-11235.html
https://www.suse.com/security/cve/CVE-2018-15501.html
https://www.suse.com/security/cve/CVE-2018-8099.html
https://bugzilla.suse.com/1085256
https://bugzilla.suse.com/1095219
https://bugzilla.suse.com/1100612
https://bugzilla.suse.com/1100613
https://bugzilla.suse.com/1104641
Get the latest Linux and open source security news straight to your inbox.