openSUSE Security Update : libgit2 (openSUSE-2015-288)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

libgit2 was updated to fix an arbitrary command execution
vulnerability on case-insentitive file systems.

The following vulnerability was fixed :

- When using programs using libgit2 on case-insensitive
filesystems, .git/config could be overwritten, which
allowed execution of arbitrary commands (boo#925040,
CVE-2014-9390).

The configuration is uncommon as all default file systems on openSUSE
are case sensitive.

Additionally, on openSUSE 13.2 libgit2 was updated to version 0.21.5
to backport further critical fixes.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=925040

Solution :

Update the affected libgit2 packages.

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 82634 ()

Bugtraq ID:

CVE ID: CVE-2014-9390

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now