Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 276 articles for you...
172

Ubuntu 18.04 LTS Git Important Regression USN-5376-6 Arbitrary Commands

USN-5376-1 introduced a regression in Git. ========================================================================== Ubuntu Security Notice USN-5376-6 March 02, 2026 git regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: USN-5376-1 introduced a regression in Git Software Description: - git: fast, scalable, distributed revision control system Details: USN-5376-4 fixed a regression in Git. This update provides the corresponding update for Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: \u4fde\u6668\u4e1c discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS git 1:2.17.1-1ubuntu0.18+esm8 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5376-6 https://ubuntu.com/security/notices/USN-5376-5 https://ubuntu.com/security/notices/USN-5376-4 https://ubuntu.com/security/notices/USN-5376-3 https://ubuntu.com/security/notices/USN-5376-2 https://ubuntu.com/security/notices/USN-5376-1 https://launchpad.net/bugs/2142239 . A regression in Git for Ubuntu 18.04 LTS allows potential arbitrary commands. Immediate updates recommended.. Git Security Update, Ubuntu 18-04 LTS Security, Git Regression Fix, Ubuntu Repositories Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 02, 2026 Important Ubuntu
172

Ubuntu 22.04 20.04 Git Key Regression Resolution USN-5376-5

USN-5376-4 introduced a regression in Git. ========================================================================== Ubuntu Security Notice USN-5376-5 February 27, 2026 git regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: USN-5376-4 introduced a regression in Git Software Description: - git: fast, scalable, distributed revision control system Details: USN-5376-4 fixed a regression in Git. The update introduced a regression when specifying configuration includes due to additional restrictions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: \u4fde\u6668\u4e1c discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS git 1:2.34.1-1ubuntu1.17 Ubuntu 20.04 LTS git 1:2.25.1-1ubuntu3.14+esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5376-5 https://ubuntu.com/security/notices/USN-5376-4 https://ubuntu.com/security/notices/USN-5376-3 https://ubuntu.com/security/notices/USN-5376-2 https://ubuntu.com/security/notices/USN-5376-1 https://launchpad.net/bugs/2142790 Package Information: https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.17 . Update resolves Git regression affecting multiple Ubuntu releases. Fixes security issues and improves usability.. Ubuntu Git Regression Arbitrary Commands Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 27, 2026 Important Ubuntu
172

Ubuntu 22.04 LTS Git Regression USN-5376-4 Command Line Fix

USN-5376-1 introduced a regression in Git. ========================================================================== Ubuntu Security Notice USN-5376-4 February 25, 2026 git regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: USN-5376-1 introduced a regression in Git Software Description: - git: fast, scalable, distributed revision control system Details: USN-5376-1 fixed a vulnerability in Git. It was discovered that the safety checks introduced in the update were not able to be set using the command line, contrary to expectations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: \u4fde\u6668\u4e1c discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS git 1:2.34.1-1ubuntu1.16 Ubuntu 20.04 LTS git 1:2.25.1-1ubuntu3.14+esm4 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5376-4 https://ubuntu.com/security/notices/USN-5376-3 https://ubuntu.com/security/notices/USN-5376-2 https://ubuntu.com/security/notices/USN-5376-1 https://launchpad.net/bugs/2142239 Package Information: https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.16 . Details on Git regression in Ubuntu impacting versions 20.04 LTS and 22.04 LTS. Essential for system administrators.. Ubuntu Git issue regression command line. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 27, 2026 Important Ubuntu
172

Ubuntu 18.04: Git Critical Credential Issues USN-7964-1 CVE-2024-50349

Several security issues were fixed in Git.. ========================================================================== Ubuntu Security Notice USN-7964-1 January 15, 2026 git vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Git. Software Description: - git: fast, scalable, distributed revision control system Details: It was discovered that Git did not properly sanitize URLs when asking for credentials via a terminal prompt. An attacker could possibly use this issue to trick a user into disclosing their password. (CVE-2024-50349) It was discovered that Git did not properly handle carriage return characters in its credential protocol. An attacker could use this issue to send unexpected data to credential helpers, possibly leading to a user being tricked into disclosing sensitive information. (CVE-2024-52006) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS git 1:2.17.1-1ubuntu0.18+esm6 Available with Ubuntu Pro Ubuntu 16.04 LTS git 1:2.7.4-0ubuntu1.10+esm13 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7964-1 CVE-2024-50349, CVE-2024-52006 . Multiple Git issues resolved in Ubuntu's 18.04 and 16.04 for safer credential handling. Update recommended to prevent risks.. Git Update, Ubuntu Security, Credential Management, User Safety. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 15, 2026 Critical Ubuntu
197

Debian 11: Git Critical Issues Fix DLA-4323-1 CVE-2025-27613

CVE-2025-27613 With Gitk, the Git history browser, when a user clones an untrusted repository and runs gitk without additional command arguments, . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4323-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Andrej Shadura October 06, 2025 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : git Version : 1:2.30.2-1+deb11u5 CVE ID : CVE-2025-27613 CVE-2025-46835 CVE-2025-48384 CVE-2025-27613 With Gitk, the Git history browser, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk's Preferences. This option is disabled by default. The same happens when Show origin of this line is used in the main window (regardless of whether Support per-file encoding is enabled or not). CVE-2025-46835 When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. CVE-2025-48384 When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionallyexecuted after checkout. For Debian 11 bullseye, these problems have been fixed in version 1:2.30.2-1+deb11u5. We recommend that you upgrade your git packages. For the detailed security status of git please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/git Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Upgrade Git for Debian to mitigate critical security risks related to remote code execution and file overwriting issues.. Debian Git Security Update Remote Code Execution. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 06, 2025 Critical Debian LTS
202

openSUSE 15.3: Resolving Key Git Issues Fixed in Update 2025:03037-1

An update that solves five vulnerabilities and contains one feature can now be installed.. # Security update for git Announcement ID: SUSE-SU-2025:03037-1 Release Date: 2025-09-01T12:46:22Z Rating: important References: * bsc#1245938 * bsc#1245939 * bsc#1245942 * bsc#1245943 * bsc#1245946 * jsc#PED-13447 Cross-References: * CVE-2025-27613 * CVE-2025-27614 * CVE-2025-46835 * CVE-2025-48384 * CVE-2025-48385 CVSS scores: * CVE-2025-27613 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-27613 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-27613 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2025-27614 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-27614 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-27614 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-46835 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-46835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-46835 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L * CVE-2025-48384 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-48384 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-48384 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2025-48385 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-48385 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-48385 ( NVD ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSELinux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves five vulnerabilities and contains one feature can now be installed. ## Description: This update for git fixes the following issues: Updated to 2.43.7 (jsc#PED-13447): * CVE-2025-27613: Fixed arbitrary writable file creation and truncation in Gitk (bsc#1245938) * CVE-2025-27614: Fixed arbitrary script execution via repo clonation in Gitk (bsc#1245939) * CVE-2025-46835: Fixed arbitrary writable file creation via untrusted repository clonation in Git GUI (bsc#1245942) * CVE-2025-48384: Fixed arbitrary writable file creation when cloning untrusted repositories with submodules using the --recursive flag (bsc#1245943) * CVE-2025-48385: Fixed arbitrary code execution due to protocol injection via fetching advertised bundle (bsc#1245946) Other fixes: * Drop git-credential-gnome-keyring package as it was dropped upstream, use git-credential-libsecretinstead * git-add--interactive was removed upstream in favor of built in implementation, which was already the default in SLE. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3037=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-3037=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3037=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-3037=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3037=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3037=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3037=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3037=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3037=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3037=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3037=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3037=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3037=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3037=1 * SUSE Linux Enterprise Server for SAPApplications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3037=1 * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3037=1 * SUSE Manager Retail Branch Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-LTS-2025-3037=1 ## Package List: * SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64) * git-core-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-core-debuginfo-2.43.7-150300.10.51.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Enterprise Storage 7.1 (noarch) * git-doc-2.43.7-150300.10.51.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * git-credential-libsecret-2.43.7-150300.10.51.1 * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-p4-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-credential-libsecret-debuginfo-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 *git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * openSUSE Leap 15.3 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance ComputingLTSS 15 SP4 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 *git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 *git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAPApplications 15 SP5 (ppc64le x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Manager Proxy 4.3 LTS (x86_64) * git-core-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-core-debuginfo-2.43.7-150300.10.51.1 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * git-core-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-core-debuginfo-2.43.7-150300.10.51.1 ## References: * https://www.suse.com/security/cve/CVE-2025-27613.html * https://www.suse.com/security/cve/CVE-2025-27614.html * https://www.suse.com/security/cve/CVE-2025-46835.html * https://www.suse.com/security/cve/CVE-2025-48384.html * https://www.suse.com/security/cve/CVE-2025-48385.html * https://bugzilla.suse.com/show_bug.cgi?id=1245938 * https://bugzilla.suse.com/show_bug.cgi?id=1245939 * https://bugzilla.suse.com/show_bug.cgi?id=1245942 * https://bugzilla.suse.com/show_bug.cgi?id=1245943 * https://bugzilla.suse.com/show_bug.cgi?id=1245946 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-13447&page_caps=&user_role= . Tackling significant weaknesses within git for openSUSE: essential patches to avert unapproved entry and operation.. openSUSE git updates vulnerabilities execution fixes. . Severity:Important. LinuxSecurity.com Team

Calendar%202 Sep 01, 2025 Important OpenSUSE
100

SUSE: Git Critical Update for Arbitrary Code Execution CVE-2025-27613

* bsc#1245938 * bsc#1245939 * bsc#1245942 * bsc#1245943 * bsc#1245946 . # Security update for git Announcement ID: SUSE-SU-2025:03037-1 Release Date: 2025-09-01T12:46:22Z Rating: important References: * bsc#1245938 * bsc#1245939 * bsc#1245942 * bsc#1245943 * bsc#1245946 * jsc#PED-13447 Cross-References: * CVE-2025-27613 * CVE-2025-27614 * CVE-2025-46835 * CVE-2025-48384 * CVE-2025-48385 CVSS scores: * CVE-2025-27613 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-27613 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-27613 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2025-27614 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-27614 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-27614 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-46835 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-46835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-46835 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L * CVE-2025-48384 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-48384 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-48384 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2025-48385 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-48385 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-48385 ( NVD ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise HighPerformance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves five vulnerabilities and contains one feature can now be installed. ## Description: This update for git fixes the following issues: Updated to 2.43.7 (jsc#PED-13447): * CVE-2025-27613: Fixed arbitrary writable file creation and truncation in Gitk (bsc#1245938) * CVE-2025-27614: Fixed arbitrary script execution via repo clonation in Gitk (bsc#1245939) * CVE-2025-46835: Fixed arbitrary writable file creation via untrusted repository clonation in Git GUI (bsc#1245942) * CVE-2025-48384: Fixed arbitrary writable file creation when cloning untrusted repositories with submodules using the --recursive flag (bsc#1245943) * CVE-2025-48385: Fixed arbitrary code execution due to protocol injection via fetching advertised bundle (bsc#1245946) Other fixes: * Drop git-credential-gnome-keyring package as it was dropped upstream, use git-credential-libsecret instead *git-add--interactive was removed upstream in favor of built in implementation, which was already the default in SLE. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3037=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-3037=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3037=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-3037=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3037=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3037=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3037=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3037=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3037=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3037=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3037=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3037=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3037=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3037=1 * SUSE Linux Enterprise Server for SAP Applications 15SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3037=1 * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3037=1 * SUSE Manager Retail Branch Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-LTS-2025-3037=1 ## Package List: * SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64) * git-core-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-core-debuginfo-2.43.7-150300.10.51.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Enterprise Storage 7.1 (noarch) * git-doc-2.43.7-150300.10.51.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * git-credential-libsecret-2.43.7-150300.10.51.1 * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-p4-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-credential-libsecret-debuginfo-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 *perl-Git-2.43.7-150300.10.51.1 * openSUSE Leap 15.3 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 *git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 *git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) *git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Manager Proxy 4.3 LTS (x86_64) * git-core-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-core-debuginfo-2.43.7-150300.10.51.1 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * git-core-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-core-debuginfo-2.43.7-150300.10.51.1 ## References: * https://www.suse.com/security/cve/CVE-2025-27613.html * https://www.suse.com/security/cve/CVE-2025-27614.html * https://www.suse.com/security/cve/CVE-2025-46835.html * https://www.suse.com/security/cve/CVE-2025-48384.html * https://www.suse.com/security/cve/CVE-2025-48385.html * https://bugzilla.suse.com/show_bug.cgi?id=1245938 * https://bugzilla.suse.com/show_bug.cgi?id=1245939 * https://bugzilla.suse.com/show_bug.cgi?id=1245942 * https://bugzilla.suse.com/show_bug.cgi?id=1245943 * https://bugzilla.suse.com/show_bug.cgi?id=1245946 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-13447&page_caps=&user_role= . Uncover the vital security patch for git on SUSE, addressing numerous vulnerabilities alongside crucial installation instructions.. SUSE important security Git update, Git arbitrary code execution, SUSE vulnerabilities. . Severity:Important. LinuxSecurity.com Team

Calendar%202 Sep 01, 2025 Important SuSE
100

SUSE: Important Security Updates for Git CVE-2025-27613 CVE-2025-46835

* bsc#1245938 * bsc#1245942 * bsc#1245943 Cross-References: . # Security update for git Announcement ID: SUSE-SU-2025:03022-1 Release Date: 2025-08-29T11:52:01Z Rating: important References: * bsc#1245938 * bsc#1245942 * bsc#1245943 Cross-References: * CVE-2025-27613 * CVE-2025-46835 * CVE-2025-48384 CVSS scores: * CVE-2025-27613 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-27613 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-27613 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2025-46835 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-46835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-46835 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L * CVE-2025-48384 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-48384 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-48384 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for git fixes the following issues: * CVE-2025-27613: Fixed arbitrary writable file creation and truncation in Gitk (bsc#1245938) * CVE-2025-46835: Fixed arbitrary writable file creation when cloning untrusted repository in Git GUI (bsc#1245942) * CVE-2025-48384: Fixed arbitrary writable file creation when cloning untrusted repositories with submodules using the --recursive flag (bsc#1245943) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methodslike YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-3022=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3022=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * git-debugsource-2.26.2-27.81.1 * git-daemon-2.26.2-27.81.1 * git-web-2.26.2-27.81.1 * git-svn-2.26.2-27.81.1 * git-daemon-debuginfo-2.26.2-27.81.1 * git-email-2.26.2-27.81.1 * git-core-2.26.2-27.81.1 * git-2.26.2-27.81.1 * git-core-debuginfo-2.26.2-27.81.1 * gitk-2.26.2-27.81.1 * git-gui-2.26.2-27.81.1 * git-cvs-2.26.2-27.81.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * git-debugsource-2.26.2-27.81.1 * git-daemon-2.26.2-27.81.1 * git-web-2.26.2-27.81.1 * git-svn-2.26.2-27.81.1 * git-daemon-debuginfo-2.26.2-27.81.1 * git-email-2.26.2-27.81.1 * git-core-2.26.2-27.81.1 * git-2.26.2-27.81.1 * git-core-debuginfo-2.26.2-27.81.1 * gitk-2.26.2-27.81.1 * git-gui-2.26.2-27.81.1 * git-cvs-2.26.2-27.81.1 ## References: * https://www.suse.com/security/cve/CVE-2025-27613.html * https://www.suse.com/security/cve/CVE-2025-46835.html * https://www.suse.com/security/cve/CVE-2025-48384.html * https://bugzilla.suse.com/show_bug.cgi?id=1245938 * https://bugzilla.suse.com/show_bug.cgi?id=1245942 * https://bugzilla.suse.com/show_bug.cgi?id=1245943 . Critical patch released for SUSE to fix significant vulnerabilities in Docker, addressing unauthorized directory manipulation flaws.. SUSE security update, Git vulnerabilities, important patch, software security, SUSE patching. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Aug 29, 2025 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200