SUSE-SU-2023:2062-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2023:2062-1

UNKNOWN

Security update for git

Published Apr 28, 2023

Modified 2 years ago

Fix available

Details

This update for git fixes the following issues:

CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686).
CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686).
CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).

Affected Packages(11 packages)

git

SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5

Fixed in:

2.26.2-27.69.1

git-core

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.26.2-27.69.1

git-cvs

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.26.2-27.69.1

git-daemon

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.26.2-27.69.1

git-doc

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Software Development Kit 12 SP5

Fixed in:

2.26.2-27.69.1

git-email

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.26.2-27.69.1

git-gui

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.26.2-27.69.1

git-svn

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.26.2-27.69.1

git-web

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.26.2-27.69.1

gitk

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.26.2-27.69.1

References

https://bugzilla.suse.com/1210686

https://www.suse.com/security/cve/CVE-2023-25652

https://www.suse.com/security/cve/CVE-2023-25815

https://www.suse.com/security/cve/CVE-2023-29007

https://www.suse.com/support/update/announcement/2023/suse-su-20232062-1/

Upstream

CVE-2023-25652 CVE-2023-25815 CVE-2023-29007

Related

CVE-2023-25652 CVE-2023-25815 CVE-2023-29007

Ecosystems(11)

SUSE HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5

Timeline

PublishedApr 28, 2023

ModifiedApr 28, 2023