SUSE-CU-2024:2972-1: Security update of suse/git

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Jul 3 07:05:16 UTC 2024 

SUSE Container Update Advisory: suse/git
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:2972-1
Container Tags        : suse/git:2.43 , suse/git:2.43-17.8 , suse/git:latest
Container Release     : 17.8
Severity              : important
Type                  : security
References            : 1224168 1224170 1224171 1224172 1224173 1226642 CVE-2024-32002
                        CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 CVE-2024-6387
-----------------------------------------------------------------

The container suse/git was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2275-1
Released:    Tue Jul  2 16:33:30 2024
Summary:     Security update for openssh
Type:        security
Severity:    important
References:  1226642,CVE-2024-6387
This update for openssh fixes the following issues:

- CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2277-1
Released:    Tue Jul  2 17:03:49 2024
Summary:     Security update for git
Type:        security
Severity:    important
References:  1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465
This update for git fixes the following issues:

- CVE-2024-32002: Fix recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion. (bsc#1224168)
- CVE-2024-32004: Fixed arbitrary code execution during local clones. (bsc#1224170)
- CVE-2024-32020: Fix file overwriting vulnerability during local clones. (bsc#1224171)
- CVE-2024-32021: Git may create hardlinks to arbitrary user-readable files. (bsc#1224172)
- CVE-2024-32465: Fixed arbitrary code execution during clone operations. (bsc#1224173)


The following package changes have been done:

- git-core-2.43.0-150600.3.3.1 updated
- openssh-clients-9.6p1-150600.6.3.1 updated
- openssh-common-9.6p1-150600.6.3.1 updated

More information about the sle-container-updates mailing list