Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 415
Alerts This Week
Warning Icon 1 415

SUSE 15-SP3: SUSE-SU-2021:2561-1 Important: Git Security Update Available

suse
Calendar Grey July 29, 2021
Dist Suse Esm H88
SUSE has released a security patch for git that tackles several vulnerabilities categorized as moderate in severity, alongside essential enhancements and improvements.
An update that solves one vulnerability, contains two features and has two fixes is now available

Summary

This update for git fixes the following issues: Update from version 2.26.2 to version 2.31.1 (jsc#SLE-18152) Security fixes: - CVE-2021-21300: On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could run remote code during a clone. (bsc#1183026) Non security changes: - Add `sysusers` file to create `git-daemon` user. - Remove `perl-base` and `openssh-server` dependency on `git-core`and provide a `perl-Git` package. (jsc#SLE-17838) - `fsmonitor` bug fixes - Fix `git bisect` to take an annotated tag as a good/bad endpoint - Fix a corner case in `git mv` on case insensitive systems - Require only `openssh-clients` where possible (like Tumbleweed or SUSE Linux Enterprise >= 15 SP3). (bsc#1183580)

References

#1168930 #1183026 #1183580 SLE-17838 SLE-18152

Cross- CVE-2021-21300

CVSS scores:

CVE-2021-21300 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-21300 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Module for Development Tools 15-SP3

SUSE Linux Enterprise Module for Basesystem 15-SP3

https://www.suse.com/security/cve/CVE-2021-21300.html

https://bugzilla.suse.com/1168930

https://bugzilla.suse.com/1183026

https://bugzilla.suse.com/1183580

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2555-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.