openSUSE Security Update : libgit2 (openSUSE-2015-288)

Medium Nessus Plugin ID 82634


The remote openSUSE host is missing a security update.


libgit2 was updated to fix an arbitrary command execution vulnerability on case-insentitive file systems.

The following vulnerability was fixed :

- When using programs using libgit2 on case-insensitive filesystems, .git/config could be overwritten, which allowed execution of arbitrary commands (boo#925040, CVE-2014-9390).

The configuration is uncommon as all default file systems on openSUSE are case sensitive.

Additionally, on openSUSE 13.2 libgit2 was updated to version 0.21.5 to backport further critical fixes.


Update the affected libgit2 packages.

See Also

Plugin Details

Severity: Medium

ID: 82634

File Name: openSUSE-2015-288.nasl

Version: $Revision: 1.3 $

Type: local

Agent: unix

Published: 2015/04/08

Modified: 2016/12/07

Dependencies: 12634

Risk Information

Risk Factor: Medium

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libgit2-0, p-cpe:/a:novell:opensuse:libgit2-0-debuginfo, p-cpe:/a:novell:opensuse:libgit2-21, p-cpe:/a:novell:opensuse:libgit2-21-debuginfo, p-cpe:/a:novell:opensuse:libgit2-debugsource, p-cpe:/a:novell:opensuse:libgit2-devel, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/03/31

Exploitable With

Core Impact

Metasploit (Malicious Git and Mercurial HTTP Server For CVE-2014-9390)

Reference Information

CVE: CVE-2014-9390