Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE Security Update 2022:3496-1 for libxml2 Vulnerability Issues

suse
Calendar Grey October 4, 2022
Dist Suse Esm H88
SUSE has launched an important security update for libgit2, focusing on critical DoS and command injection vulnerabilities to enhance application security and stability
An update that solves three vulnerabilities and has one errata is now available

Summary

This update for libgit2 fixes the following issues: - Fixed DoS by oob write in constructed commit object with a very large number of parents (bsc#1158981). - CVE-2019-1352: Fixed git on Windows being unaware of NTFS Alternate Data Streams (bnc#1158790). - CVE-2022-24765: Fixed potential command injection via git worktree (bsc#1198234). - CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3495=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3495=1 - SUSE Manager Server 4.1:

Topics%20covered

Topics Covered

security advisory critical DoS vulnerability SUSE command injection libgit2

References

#1158790 #1158981 #1198234 #1201431

Cross- CVE-2019-1352 CVE-2022-24765 CVE-2022-29187

CVSS scores:

CVE-2019-1352 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-24765 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-24765 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVE-2022-29187 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-29187 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

SUSE CaaS Platform 4.0

SUSE Enterprise Storage 6

SUSE Enterprise Storage 7

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3495-1
Rating: important

Topics%20covered

Topics Covered

security advisory critical DoS vulnerability SUSE command injection libgit2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here