Oval Definition:oval:org.opensuse.security:def:59150
Revision Date:2020-12-01Version:1
Title:Security update for git (Important)
Description:

This update for git fixes the following issues:

Security issues fixed:

- CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787). - CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795). - CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793). - CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792). - CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791). - CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790). - CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789). - CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788). - CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785). - Fixed an issue where git send-email fails to authenticate with SMTP server (bsc#1082023)
Family:unixClass:patch
Status:Reference(s):1082023
1104129
1114592
1120114
1120115
1120116
1120117
1120118
1120119
1120120
1120121
1120122
1124937
1126068
1126069
1133114
1133145
1133185
1135254
1136085
1141897
1142649
1142654
1145383
1148517
1149145
1155094
1158785
1158787
1158788
1158789
1158790
1158791
1158792
1158793
1158795
1159723
1159729
1160305
1160467
1160468
1160498
1161799
1162224
1162367
1162825
1163985
1164825
1165894
1168404
1168407
1169066
1171928
1173991
1174284
1175686
CVE-2013-1992
CVE-2018-15126
CVE-2018-15127
CVE-2018-20019
CVE-2018-20020
CVE-2018-20021
CVE-2018-20022
CVE-2018-20023
CVE-2018-20024
CVE-2018-5740
CVE-2018-5743
CVE-2018-5745
CVE-2018-6307
CVE-2019-0221
CVE-2019-11365
CVE-2019-11366
CVE-2019-12418
CVE-2019-1348
CVE-2019-1349
CVE-2019-1350
CVE-2019-1351
CVE-2019-1352
CVE-2019-1353
CVE-2019-1354
CVE-2019-1387
CVE-2019-14250
CVE-2019-14806
CVE-2019-14896
CVE-2019-14897
CVE-2019-15847
CVE-2019-17015
CVE-2019-17016
CVE-2019-17017
CVE-2019-17021
CVE-2019-17022
CVE-2019-17024
CVE-2019-17026
CVE-2019-17563
CVE-2019-17569
CVE-2019-18348
CVE-2019-19604
CVE-2019-6212
CVE-2019-6215
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
CVE-2019-6227
CVE-2019-6229
CVE-2019-6233
CVE-2019-6234
CVE-2019-6465
CVE-2019-9674
CVE-2020-15663
CVE-2020-15664
CVE-2020-15670
CVE-2020-1720
CVE-2020-1927
CVE-2020-1934
CVE-2020-1938
CVE-2020-6796
CVE-2020-6797
CVE-2020-6798
CVE-2020-6799
CVE-2020-6800
CVE-2020-8492
CVE-2020-9484
SUSE-SU-2019:0060-1
SUSE-SU-2019:0511-1
SUSE-SU-2019:1091-1
SUSE-SU-2019:2358-1
SUSE-SU-2019:3311-1
SUSE-SU-2020:0068-1
SUSE-SU-2020:0204-1
SUSE-SU-2020:0394-1
SUSE-SU-2020:0715-1
SUSE-SU-2020:0854-1
SUSE-SU-2020:1498-1
SUSE-SU-2020:2544-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.0 NonFree
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND kdump-0.8.16-lp150.11 is installed
    • Definition Synopsis
  • openSUSE Leap 15.0 NonFree is installed
  • AND opera-63.0.3368.66-lp151.2.6 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libpcap-1.8.1-lp151.4.3 is installed
  • OR libpcap-devel-1.8.1-lp151.4.3 is installed
  • OR libpcap-devel-32bit-1.8.1-lp151.4.3 is installed
  • OR libpcap-devel-static-1.8.1-lp151.4.3 is installed
  • OR libpcap1-1.8.1-lp151.4.3 is installed
  • OR libpcap1-32bit-1.8.1-lp151.4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND atftp-0.7.0-160.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • bind-9.9.9P1-63.12 is installed
  • OR bind-chrootenv-9.9.9P1-63.12 is installed
  • OR bind-doc-9.9.9P1-63.12 is installed
  • OR bind-libs-9.9.9P1-63.12 is installed
  • OR bind-utils-9.9.9P1-63.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • git-2.12.3-27.22 is installed
  • OR git-core-2.12.3-27.22 is installed
  • OR git-doc-2.12.3-27.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND libdmx1-1.1.3-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND binutils-2.32-9.33 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND mailman-2.1.17-3.11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_143-94_47-default-7-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_16-7-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • gnutls-3.3.27-3.3 is installed
  • OR libgnutls-openssl27-3.3.27-3.3 is installed
  • OR libgnutls28-3.3.27-3.3 is installed
  • OR libgnutls28-32bit-3.3.27-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • bind-9.11.2-1 is installed
  • OR bind-chrootenv-9.11.2-1 is installed
  • OR bind-doc-9.11.2-1 is installed
  • OR bind-utils-9.11.2-1 is installed
  • OR libbind9-160-9.11.2-1 is installed
  • OR libdns169-9.11.2-1 is installed
  • OR libirs160-9.11.2-1 is installed
  • OR libisc166-9.11.2-1 is installed
  • OR libisc166-32bit-9.11.2-1 is installed
  • OR libisccc160-9.11.2-1 is installed
  • OR libisccfg160-9.11.2-1 is installed
  • OR liblwres160-9.11.2-1 is installed
  • OR python-bind-9.11.2-1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND python-Werkzeug-0.12.2-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND python-urllib3-1.23-3.6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • ruby2.1-rubygem-sprockets-2_12-2.12.5-1.4 is installed
  • OR rubygem-sprockets-2_12-2.12.5-1.4 is installed
    • BACK