openSUSE Security Update : cgit (openSUSE-2015-436)

Medium Nessus Plugin ID 84335


The remote openSUSE host is missing a security update.


The git web frontend cgit was updated to 0.11.2 to fix security issues and bugs.

The following vulnerabilities were fixed :

- CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file systems in git. Malicious commits could affect client users on all platforms using case-insensitive file systems when using vulnerable git versions.

In addition cgit was updated to 0.11.2 with minor improvements and bug fixes.

The embedded git version was updated to 2.4.3.


Update the affected cgit packages.

See Also

Plugin Details

Severity: Medium

ID: 84335

File Name: openSUSE-2015-436.nasl

Version: $Revision: 2.3 $

Type: local

Agent: unix

Published: 2015/06/23

Modified: 2016/12/07

Dependencies: 12634

Risk Information

Risk Factor: Medium

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:cgit, p-cpe:/a:novell:opensuse:cgit-debuginfo, p-cpe:/a:novell:opensuse:cgit-debugsource, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/06/12

Exploitable With

Core Impact

Metasploit (Malicious Git and Mercurial HTTP Server For CVE-2014-9390)

Reference Information

CVE: CVE-2014-9390