SUSE-SU-2024:1854-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20241854-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1854-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:1854-1
- Related
- Published
- 2024-05-30T12:11:40Z
- Modified
- 2024-05-30T12:11:40Z
- Summary
- Security update for git
- Details
-
This update for git fixes the following issues:
- CVE-2024-32002: Fixed case confusion with recursive clones on case-insensitive filesystems that support symbolic links (bsc#1224168)
- CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170)
- CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171)
- CVE-2024-32021: Fixed issue where git created hardlinks to arbitrary user-readable files (bsc#1224172)
- CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173)
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20241854-1/
- https://bugzilla.suse.com/1224168
- https://bugzilla.suse.com/1224170
- https://bugzilla.suse.com/1224171
- https://bugzilla.suse.com/1224172
- https://bugzilla.suse.com/1224173
- https://www.suse.com/security/cve/CVE-2024-32002
- https://www.suse.com/security/cve/CVE-2024-32004
- https://www.suse.com/security/cve/CVE-2024-32020
- https://www.suse.com/security/cve/CVE-2024-32021
- https://www.suse.com/security/cve/CVE-2024-32465
Affected packages
SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / git
Package
- Name
- git
- Purl
- purl:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.26.2-150000.56.1
Ecosystem specific
{
"binaries": [
{
"git-core": "2.26.2-150000.56.1",
"git-email": "2.26.2-150000.56.1",
"git": "2.26.2-150000.56.1",
"git-svn": "2.26.2-150000.56.1",
"gitk": "2.26.2-150000.56.1",
"git-cvs": "2.26.2-150000.56.1",
"git-daemon": "2.26.2-150000.56.1",
"git-doc": "2.26.2-150000.56.1",
"git-gui": "2.26.2-150000.56.1",
"git-arch": "2.26.2-150000.56.1",
"git-web": "2.26.2-150000.56.1"
}
]
}
SUSE:Linux Enterprise Server 15 SP2-LTSS / git
Package
- Name
- git
- Purl
- purl:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.26.2-150000.56.1
Ecosystem specific
{
"binaries": [
{
"git-core": "2.26.2-150000.56.1",
"git-email": "2.26.2-150000.56.1",
"git": "2.26.2-150000.56.1",
"git-svn": "2.26.2-150000.56.1",
"gitk": "2.26.2-150000.56.1",
"git-cvs": "2.26.2-150000.56.1",
"git-daemon": "2.26.2-150000.56.1",
"git-doc": "2.26.2-150000.56.1",
"git-gui": "2.26.2-150000.56.1",
"git-arch": "2.26.2-150000.56.1",
"git-web": "2.26.2-150000.56.1"
}
]
}
SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / git
Package
- Name
- git
- Purl
- purl:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.26.2-150000.56.1
Ecosystem specific
{
"binaries": [
{
"git-core": "2.26.2-150000.56.1",
"git-email": "2.26.2-150000.56.1",
"git": "2.26.2-150000.56.1",
"git-svn": "2.26.2-150000.56.1",
"gitk": "2.26.2-150000.56.1",
"git-cvs": "2.26.2-150000.56.1",
"git-daemon": "2.26.2-150000.56.1",
"git-doc": "2.26.2-150000.56.1",
"git-gui": "2.26.2-150000.56.1",
"git-arch": "2.26.2-150000.56.1",
"git-web": "2.26.2-150000.56.1"
}
]
}