Explore top 10 tips to secure your open-source projects now. Read More
×
This update for git fixes the following issues: Update from version 2.26.2 to version 2.31.1 (jsc#SLE-18152) Security fixes: - CVE-2021-21300: On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could run remote code during a clone. (bsc#1183026) Non security changes: - Add `sysusers` file to create `git-daemon` user. - Remove `perl-base` and `openssh-server` dependency on `git-core`and provide a `perl-Git` package. (jsc#SLE-17838) - `fsmonitor` bug fixes - Fix `git bisect` to take an annotated tag as a good/bad endpoint - Fix a corner case in `git mv` on case insensitive systems - Require only `openssh-clients` where possible (like Tumbleweed or SUSE Linux Enterprise >= 15 SP3). (bsc#1183580)
#1168930 #1183026 #1183580 SLE-17838 SLE-18152
Cross- CVE-2021-21300
CVSS scores:
CVE-2021-21300 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-21300 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
https://www.suse.com/security/cve/CVE-2021-21300.html
https://bugzilla.suse.com/1168930
https://bugzilla.suse.com/1183026
https://bugzilla.suse.com/1183580
Get the latest Linux and open source security news straight to your inbox.