SUSE-SU-2025:03012-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-202503012-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03012-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:03012-1
Published
2025-08-29T00:07:40Z
Modified
2025-08-29T20:15:51.186317Z
Summary
security update for git, git-lfs, obs-scm-bridge, python-PyYAML
Details

This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues:

git was updated from version 2.43.0 to 2.51.0 (bsc#1243197):

  • Security issues fixed:

    • CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk (bsc#1245938)
    • CVE-2025-27614 Fixed arbitrary script execution via repository cloning in gitk (bsc#1245939)
    • CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942)
    • CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transformation (bsc#1245943)
    • CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle (bsc#1245946)
  • Other changes and bugs fixed:

    • Added SHA256 support (bsc#1243197)
    • Git moved to /usr/libexec/git/git and updated AppArmor profile accordingly (bsc#1218588)
    • gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664)
    • Do not replace apparmor configuration (bsc#1216545)
    • Fixed the Python version required (bsc#1212476)
  • Version Updates Release Notes:

    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc
    • https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc

git-lfs is included in version 3.7.0.

python-PyYAML was updated from version 6.0.1 to 6.0.2:

  • Added support for Cython 3.x and Python 3.13

obs-scm-bridge was updated from version 0.5.4 to 0.7.4:

  • New Features and Improvements:

    • Manifest File Support: Support has been added for a _manifest file, which serves as a successor to the _subdirs file.
    • Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary files.
    • Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch during checkout.
    • Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources.
    • SSH URL Support: ssh:// SCM URLs can now be used.
    • Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved.
    • Standardized Config Location: In project mode, the _config file is now always located in the top-level directory, even when using subdirs.
    • Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided.
    • Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled.
    • Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo.
  • Bugs fixed:

    • Syntax Fix: A syntax issue was corrected.
    • Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and tabs.

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP6 / git

Package

Name
git
Purl
pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.51.0-150600.3.12.1

Ecosystem specific

{
    "binaries": [
        {
            "git-core": "2.51.0-150600.3.12.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP7 / git

Package

Name
git
Purl
pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.51.0-150600.3.12.1

Ecosystem specific

{
    "binaries": [
        {
            "git-core": "2.51.0-150600.3.12.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP6 / git

Package

Name
git
Purl
pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.51.0-150600.3.12.1

Ecosystem specific

{
    "binaries": [
        {
            "git-web": "2.51.0-150600.3.12.1",
            "perl-Git": "2.51.0-150600.3.12.1",
            "git-cvs": "2.51.0-150600.3.12.1",
            "git-doc": "2.51.0-150600.3.12.1",
            "git-gui": "2.51.0-150600.3.12.1",
            "obs-scm-bridge": "0.7.4-150600.14.4.1",
            "git-svn": "2.51.0-150600.3.12.1",
            "git-lfs": "3.7.0-150600.13.3.1",
            "gitk": "2.51.0-150600.3.12.1",
            "git-daemon": "2.51.0-150600.3.12.1",
            "git-arch": "2.51.0-150600.3.12.1",
            "git-email": "2.51.0-150600.3.12.1",
            "git": "2.51.0-150600.3.12.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP6 / git-lfs

Package

Name
git-lfs
Purl
pkg:rpm/suse/git-lfs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.0-150600.13.3.1

Ecosystem specific

{
    "binaries": [
        {
            "git-web": "2.51.0-150600.3.12.1",
            "perl-Git": "2.51.0-150600.3.12.1",
            "git-cvs": "2.51.0-150600.3.12.1",
            "git-doc": "2.51.0-150600.3.12.1",
            "git-gui": "2.51.0-150600.3.12.1",
            "obs-scm-bridge": "0.7.4-150600.14.4.1",
            "git-svn": "2.51.0-150600.3.12.1",
            "git-lfs": "3.7.0-150600.13.3.1",
            "gitk": "2.51.0-150600.3.12.1",
            "git-daemon": "2.51.0-150600.3.12.1",
            "git-arch": "2.51.0-150600.3.12.1",
            "git-email": "2.51.0-150600.3.12.1",
            "git": "2.51.0-150600.3.12.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP6 / obs-scm-bridge

Package

Name
obs-scm-bridge
Purl
pkg:rpm/suse/obs-scm-bridge&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.7.4-150600.14.4.1

Ecosystem specific

{
    "binaries": [
        {
            "git-web": "2.51.0-150600.3.12.1",
            "perl-Git": "2.51.0-150600.3.12.1",
            "git-cvs": "2.51.0-150600.3.12.1",
            "git-doc": "2.51.0-150600.3.12.1",
            "git-gui": "2.51.0-150600.3.12.1",
            "obs-scm-bridge": "0.7.4-150600.14.4.1",
            "git-svn": "2.51.0-150600.3.12.1",
            "git-lfs": "3.7.0-150600.13.3.1",
            "gitk": "2.51.0-150600.3.12.1",
            "git-daemon": "2.51.0-150600.3.12.1",
            "git-arch": "2.51.0-150600.3.12.1",
            "git-email": "2.51.0-150600.3.12.1",
            "git": "2.51.0-150600.3.12.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP7 / git

Package

Name
git
Purl
pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.51.0-150600.3.12.1

Ecosystem specific

{
    "binaries": [
        {
            "git-web": "2.51.0-150600.3.12.1",
            "perl-Git": "2.51.0-150600.3.12.1",
            "git-cvs": "2.51.0-150600.3.12.1",
            "git-doc": "2.51.0-150600.3.12.1",
            "git-gui": "2.51.0-150600.3.12.1",
            "obs-scm-bridge": "0.7.4-150600.14.4.1",
            "git-svn": "2.51.0-150600.3.12.1",
            "git-lfs": "3.7.0-150600.13.3.1",
            "gitk": "2.51.0-150600.3.12.1",
            "git-daemon": "2.51.0-150600.3.12.1",
            "git-arch": "2.51.0-150600.3.12.1",
            "git-email": "2.51.0-150600.3.12.1",
            "git": "2.51.0-150600.3.12.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP7 / git-lfs

Package

Name
git-lfs
Purl
pkg:rpm/suse/git-lfs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.0-150600.13.3.1

Ecosystem specific

{
    "binaries": [
        {
            "git-web": "2.51.0-150600.3.12.1",
            "perl-Git": "2.51.0-150600.3.12.1",
            "git-cvs": "2.51.0-150600.3.12.1",
            "git-doc": "2.51.0-150600.3.12.1",
            "git-gui": "2.51.0-150600.3.12.1",
            "obs-scm-bridge": "0.7.4-150600.14.4.1",
            "git-svn": "2.51.0-150600.3.12.1",
            "git-lfs": "3.7.0-150600.13.3.1",
            "gitk": "2.51.0-150600.3.12.1",
            "git-daemon": "2.51.0-150600.3.12.1",
            "git-arch": "2.51.0-150600.3.12.1",
            "git-email": "2.51.0-150600.3.12.1",
            "git": "2.51.0-150600.3.12.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP7 / obs-scm-bridge

Package

Name
obs-scm-bridge
Purl
pkg:rpm/suse/obs-scm-bridge&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.7.4-150600.14.4.1

Ecosystem specific

{
    "binaries": [
        {
            "git-web": "2.51.0-150600.3.12.1",
            "perl-Git": "2.51.0-150600.3.12.1",
            "git-cvs": "2.51.0-150600.3.12.1",
            "git-doc": "2.51.0-150600.3.12.1",
            "git-gui": "2.51.0-150600.3.12.1",
            "obs-scm-bridge": "0.7.4-150600.14.4.1",
            "git-svn": "2.51.0-150600.3.12.1",
            "git-lfs": "3.7.0-150600.13.3.1",
            "gitk": "2.51.0-150600.3.12.1",
            "git-daemon": "2.51.0-150600.3.12.1",
            "git-arch": "2.51.0-150600.3.12.1",
            "git-email": "2.51.0-150600.3.12.1",
            "git": "2.51.0-150600.3.12.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Python 3 15 SP6 / python-PyYAML

Package

Name
python-PyYAML
Purl
pkg:rpm/suse/python-PyYAML&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.2-150600.10.3.1

Ecosystem specific

{
    "binaries": [
        {
            "python311-PyYAML": "6.0.2-150600.10.3.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Python 3 15 SP7 / python-PyYAML

Package

Name
python-PyYAML
Purl
pkg:rpm/suse/python-PyYAML&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.2-150600.10.3.1

Ecosystem specific

{
    "binaries": [
        {
            "python311-PyYAML": "6.0.2-150600.10.3.1"
        }
    ]
}

openSUSE:Leap 15.6 / git

Package

Name
git
Purl
pkg:rpm/opensuse/git&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.51.0-150600.3.12.1

Ecosystem specific

{
    "binaries": [
        {
            "git-web": "2.51.0-150600.3.12.1",
            "git-p4": "2.51.0-150600.3.12.1",
            "obs-scm-bridge": "0.7.4-150600.14.4.1",
            "git-svn": "2.51.0-150600.3.12.1",
            "git-lfs": "3.7.0-150600.13.3.1",
            "git": "2.51.0-150600.3.12.1",
            "git-core": "2.51.0-150600.3.12.1",
            "git-doc": "2.51.0-150600.3.12.1",
            "git-cvs": "2.51.0-150600.3.12.1",
            "python311-PyYAML": "6.0.2-150600.10.3.1",
            "perl-Git": "2.51.0-150600.3.12.1",
            "git-daemon": "2.51.0-150600.3.12.1",
            "git-gui": "2.51.0-150600.3.12.1",
            "gitk": "2.51.0-150600.3.12.1",
            "git-arch": "2.51.0-150600.3.12.1",
            "git-email": "2.51.0-150600.3.12.1",
            "git-credential-libsecret": "2.51.0-150600.3.12.1"
        }
    ]
}

openSUSE:Leap 15.6 / git-lfs

Package

Name
git-lfs
Purl
pkg:rpm/opensuse/git-lfs&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.0-150600.13.3.1

Ecosystem specific

{
    "binaries": [
        {
            "git-web": "2.51.0-150600.3.12.1",
            "git-p4": "2.51.0-150600.3.12.1",
            "obs-scm-bridge": "0.7.4-150600.14.4.1",
            "git-svn": "2.51.0-150600.3.12.1",
            "git-lfs": "3.7.0-150600.13.3.1",
            "git": "2.51.0-150600.3.12.1",
            "git-core": "2.51.0-150600.3.12.1",
            "git-doc": "2.51.0-150600.3.12.1",
            "git-cvs": "2.51.0-150600.3.12.1",
            "python311-PyYAML": "6.0.2-150600.10.3.1",
            "perl-Git": "2.51.0-150600.3.12.1",
            "git-daemon": "2.51.0-150600.3.12.1",
            "git-gui": "2.51.0-150600.3.12.1",
            "gitk": "2.51.0-150600.3.12.1",
            "git-arch": "2.51.0-150600.3.12.1",
            "git-email": "2.51.0-150600.3.12.1",
            "git-credential-libsecret": "2.51.0-150600.3.12.1"
        }
    ]
}

openSUSE:Leap 15.6 / obs-scm-bridge

Package

Name
obs-scm-bridge
Purl
pkg:rpm/opensuse/obs-scm-bridge&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.7.4-150600.14.4.1

Ecosystem specific

{
    "binaries": [
        {
            "git-web": "2.51.0-150600.3.12.1",
            "git-p4": "2.51.0-150600.3.12.1",
            "obs-scm-bridge": "0.7.4-150600.14.4.1",
            "git-svn": "2.51.0-150600.3.12.1",
            "git-lfs": "3.7.0-150600.13.3.1",
            "git": "2.51.0-150600.3.12.1",
            "git-core": "2.51.0-150600.3.12.1",
            "git-doc": "2.51.0-150600.3.12.1",
            "git-cvs": "2.51.0-150600.3.12.1",
            "python311-PyYAML": "6.0.2-150600.10.3.1",
            "perl-Git": "2.51.0-150600.3.12.1",
            "git-daemon": "2.51.0-150600.3.12.1",
            "git-gui": "2.51.0-150600.3.12.1",
            "gitk": "2.51.0-150600.3.12.1",
            "git-arch": "2.51.0-150600.3.12.1",
            "git-email": "2.51.0-150600.3.12.1",
            "git-credential-libsecret": "2.51.0-150600.3.12.1"
        }
    ]
}

openSUSE:Leap 15.6 / python-PyYAML

Package

Name
python-PyYAML
Purl
pkg:rpm/opensuse/python-PyYAML&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.2-150600.10.3.1

Ecosystem specific

{
    "binaries": [
        {
            "git-web": "2.51.0-150600.3.12.1",
            "git-p4": "2.51.0-150600.3.12.1",
            "obs-scm-bridge": "0.7.4-150600.14.4.1",
            "git-svn": "2.51.0-150600.3.12.1",
            "git-lfs": "3.7.0-150600.13.3.1",
            "git": "2.51.0-150600.3.12.1",
            "git-core": "2.51.0-150600.3.12.1",
            "git-doc": "2.51.0-150600.3.12.1",
            "git-cvs": "2.51.0-150600.3.12.1",
            "python311-PyYAML": "6.0.2-150600.10.3.1",
            "perl-Git": "2.51.0-150600.3.12.1",
            "git-daemon": "2.51.0-150600.3.12.1",
            "git-gui": "2.51.0-150600.3.12.1",
            "gitk": "2.51.0-150600.3.12.1",
            "git-arch": "2.51.0-150600.3.12.1",
            "git-email": "2.51.0-150600.3.12.1",
            "git-credential-libsecret": "2.51.0-150600.3.12.1"
        }
    ]
}