openSUSE Security Update : cgit (openSUSE-2015-436)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The git web frontend cgit was updated to 0.11.2 to fix security issues
and bugs.

The following vulnerabilities were fixed :

- CVE-2014-9390: arbitrary command execution vulnerability
on case-insensitive file systems in git. Malicious
commits could affect client users on all platforms using
case-insensitive file systems when using vulnerable git
versions.

In addition cgit was updated to 0.11.2 with minor improvements and bug
fixes.

The embedded git version was updated to 2.4.3.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=910756

Solution :

Update the affected cgit packages.

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 84335 ()

Bugtraq ID:

CVE ID: CVE-2014-9390

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now