openSUSE Security Update : libgit2 (openSUSE-2015-288)
Medium Nessus Plugin ID 82634
SynopsisThe remote openSUSE host is missing a security update.
Descriptionlibgit2 was updated to fix an arbitrary command execution vulnerability on case-insentitive file systems.
The following vulnerability was fixed :
- When using programs using libgit2 on case-insensitive filesystems, .git/config could be overwritten, which allowed execution of arbitrary commands (boo#925040, CVE-2014-9390).
The configuration is uncommon as all default file systems on openSUSE are case sensitive.
Additionally, on openSUSE 13.2 libgit2 was updated to version 0.21.5 to backport further critical fixes.
SolutionUpdate the affected libgit2 packages.