Security update for libgit2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:4051-1 Final 1 1 2018-12-08T10:20:47Z current 2018-12-08T10:20:47Z 2018-12-08T10:20:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libgit2 This update for libgit2 fixes the following issues: Security issue fixed: - CVE-2018-17456: Submodule URLs and paths with a leading "-" are now ignored to avoid injecting options into library consumers that perform recursive clones (bsc#1110949). Non-security issues fixed: - Version update to version 0.26.8 (bsc#1114729). - Full changelog can be found at: * https://github.com/libgit2/libgit2/releases/tag/v0.26.8 * https://github.com/libgit2/libgit2/releases/tag/v0.26.7 This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00019.html E-Mail link for openSUSE-SU-2018:4051-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 libgit2-0.26.8-lp150.2.6.1 libgit2-26-0.26.8-lp150.2.6.1 libgit2-26-32bit-0.26.8-lp150.2.6.1 libgit2-devel-0.26.8-lp150.2.6.1 libgit2-0.26.8-lp150.2.6.1 as a component of openSUSE Leap 15.0 libgit2-26-0.26.8-lp150.2.6.1 as a component of openSUSE Leap 15.0 libgit2-26-32bit-0.26.8-lp150.2.6.1 as a component of openSUSE Leap 15.0 libgit2-devel-0.26.8-lp150.2.6.1 as a component of openSUSE Leap 15.0 Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. CVE-2018-17456 openSUSE Leap 15.0:libgit2-0.26.8-lp150.2.6.1 openSUSE Leap 15.0:libgit2-26-0.26.8-lp150.2.6.1 openSUSE Leap 15.0:libgit2-26-32bit-0.26.8-lp150.2.6.1 openSUSE Leap 15.0:libgit2-devel-0.26.8-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00019.html https://www.suse.com/security/cve/CVE-2018-17456.html CVE-2018-17456 https://bugzilla.suse.com/1110949 SUSE Bug 1110949