openSUSE Security Update : cgit (openSUSE-2015-436)
Medium Nessus Plugin ID 84335
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThe git web frontend cgit was updated to 0.11.2 to fix security issues and bugs.
The following vulnerabilities were fixed :
- CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file systems in git. Malicious commits could affect client users on all platforms using case-insensitive file systems when using vulnerable git versions.
In addition cgit was updated to 0.11.2 with minor improvements and bug fixes.
The embedded git version was updated to 2.4.3.
SolutionUpdate the affected cgit packages.