SUSE-SU-2024:2277-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:2277-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:2277-1
- Related
- Published
- 2024-07-02T15:03:50Z
- Modified
- 2024-07-02T15:03:50Z
- Summary
- Security update for git
- Details
-
This update for git fixes the following issues:
- CVE-2024-32002: Fix recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion. (bsc#1224168)
- CVE-2024-32004: Fixed arbitrary code execution during local clones. (bsc#1224170)
- CVE-2024-32020: Fix file overwriting vulnerability during local clones. (bsc#1224171)
- CVE-2024-32021: Git may create hardlinks to arbitrary user-readable files. (bsc#1224172)
- CVE-2024-32465: Fixed arbitrary code execution during clone operations. (bsc#1224173)
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20242277-1/
- https://bugzilla.suse.com/1224168
- https://bugzilla.suse.com/1224170
- https://bugzilla.suse.com/1224171
- https://bugzilla.suse.com/1224172
- https://bugzilla.suse.com/1224173
- https://www.suse.com/security/cve/CVE-2024-32002
- https://www.suse.com/security/cve/CVE-2024-32004
- https://www.suse.com/security/cve/CVE-2024-32020
- https://www.suse.com/security/cve/CVE-2024-32021
- https://www.suse.com/security/cve/CVE-2024-32465
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP6 / git
Package
- Name
- git
- Purl
- purl:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
SUSE:Linux Enterprise Module for Development Tools 15 SP6 / git
Package
- Name
- git
- Purl
- purl:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.43.0-150600.3.3.1
Ecosystem specific
{
"binaries": [
{
"perl-Git": "2.43.0-150600.3.3.1",
"git-email": "2.43.0-150600.3.3.1",
"git": "2.43.0-150600.3.3.1",
"git-svn": "2.43.0-150600.3.3.1",
"gitk": "2.43.0-150600.3.3.1",
"git-cvs": "2.43.0-150600.3.3.1",
"git-daemon": "2.43.0-150600.3.3.1",
"git-doc": "2.43.0-150600.3.3.1",
"git-gui": "2.43.0-150600.3.3.1",
"git-arch": "2.43.0-150600.3.3.1",
"git-web": "2.43.0-150600.3.3.1"
}
]
}
openSUSE:Leap 15.6 / git
Package
- Name
- git
- Purl
- purl:rpm/suse/git&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.43.0-150600.3.3.1
Ecosystem specific
{
"binaries": [
{
"git-core": "2.43.0-150600.3.3.1",
"perl-Git": "2.43.0-150600.3.3.1",
"git-email": "2.43.0-150600.3.3.1",
"git": "2.43.0-150600.3.3.1",
"gitk": "2.43.0-150600.3.3.1",
"git-cvs": "2.43.0-150600.3.3.1",
"git-daemon": "2.43.0-150600.3.3.1",
"git-doc": "2.43.0-150600.3.3.1",
"git-arch": "2.43.0-150600.3.3.1",
"git-web": "2.43.0-150600.3.3.1",
"git-p4": "2.43.0-150600.3.3.1",
"git-credential-libsecret": "2.43.0-150600.3.3.1",
"git-svn": "2.43.0-150600.3.3.1",
"git-gui": "2.43.0-150600.3.3.1"
}
]
}