Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

SUSE Linux Micro: 2025:20049-1 important: git updates and issues

suse
Calendar Grey June 4, 2025
Dist Suse Esm H88
This bulletin highlights significant upgrades for git on SUSE Linux Micro, focusing on essential concerns and security threats.
* bsc#1042640 * bsc#1061041 * bsc#1069468 * bsc#1082023 * bsc#1216545

Summary

## This update for git fixes the following issues: git was updated to 2.45.1: * CVE-2024-32002: recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168) * CVE-2024-32004: arbitrary code execution during local clones (bsc#1224170) * CVE-2024-32020: file overwriting vulnerability during local clones (bsc#1224171) * CVE-2024-32021: git may create hardlinks to arbitrary user- readable files (bsc#1224172) * CVE-2024-32465: arbitrary code execution during clone operations (bsc#1224173) Update to 2.45.0: * Improved efficiency managing repositories with many references ("git init --ref-format=reftable") * "git checkout -p" and friends learned that that "@" is a synonym for "HEAD" * cli improvements handling refs

References

* bsc#1042640

* bsc#1061041

* bsc#1069468

* bsc#1082023

* bsc#1216545

* bsc#1218588

* bsc#1218664

* bsc#1224168

* bsc#1224170

* bsc#1224171

* bsc#1224172

* bsc#1224173

* bsc#779536

* jsc#SLE-17838

Cross-

* CVE-2005-4900

* CVE-2017-14867

* CVE-2024-32002

* CVE-2024-32004

* CVE-2024-32020

* CVE-2024-32021

* CVE-2024-32465

CVSS scores:

* CVE-2005-4900 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2017-14867 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2017-14867 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-32002 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2024-32002 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

* CVE-2024-32004 ( SUSE ): 8.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20049-1
Release Date: 2025-02-03T08:56:21Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here