<div class="container">
<h1>Security update for git</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:20049-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-02-03T08:56:21Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1042640">bsc#1042640</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1061041">bsc#1061041</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1069468">bsc#1069468</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1082023">bsc#1082023</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1216545">bsc#1216545</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218588">bsc#1218588</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218664">bsc#1218664</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1224168">bsc#1224168</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1224170">bsc#1224170</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1224171">bsc#1224171</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1224172">bsc#1224172</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1224173">bsc#1224173</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=779536">bsc#779536</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/SLE-17838">jsc#SLE-17838</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2005-4900.html">CVE-2005-4900</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2017-14867.html">CVE-2017-14867</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-32002.html">CVE-2024-32002</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-32004.html">CVE-2024-32004</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-32020.html">CVE-2024-32020</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-32021.html">CVE-2024-32021</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-32465.html">CVE-2024-32465</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2005-4900</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2017-14867</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2017-14867</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-32002</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-32002</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">9.0</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-32004</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-32020</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">3.9</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-32021</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">3.9</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-32465</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Micro 6.0</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves seven vulnerabilities, contains one feature and has six fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for git fixes the following issues:</p>
<p>git was updated to 2.45.1:</p>
<ul>
<li>CVE-2024-32002: recursive clones on case-insensitive
filesystems that support symbolic links are susceptible to case
confusion (bsc#1224168)</li>
<li>CVE-2024-32004: arbitrary code execution during local clones
(bsc#1224170)</li>
<li>CVE-2024-32020: file overwriting vulnerability during local
clones (bsc#1224171)</li>
<li>CVE-2024-32021: git may create hardlinks to arbitrary user-
readable files (bsc#1224172)</li>
<li>CVE-2024-32465: arbitrary code execution during clone operations
(bsc#1224173)</li>
</ul>
<p>Update to 2.45.0:</p>
<ul>
<li>Improved efficiency managing repositories with many references
("git init --ref-format=reftable")</li>
<li>"git checkout -p" and friends learned that that "@" is a
synonym for "HEAD"</li>
<li>cli improvements handling refs</li>
<li>Expanded a number of commands and options, UI improvements</li>
<li>status.showUntrackedFiles now accepts "true"</li>
<li>git-cherry-pick(1) now automatically drops redundant commits
with new --empty option</li>
<li>The userdiff patterns for C# has been updated.</li>
</ul>
<p>Update to 2.44.0:</p>
<ul>
<li>"git checkout -B <branch>" now longer allows switching to a
branch that is in use on another worktree. The users need to
use "--ignore-other-worktrees" option.</li>
<li>Faster server-side rebases with git replay</li>
<li>Faster pack generation with multi-pack reuse</li>
<li>rebase auto-squashing now works in non-interactive mode</li>
<li>pathspec now understands attr, e.g. ':(attr:~binary) for
selecting non-binaries, or builtin_objectmode for selecting
items by file mode or other properties</li>
<li>
<p>Many other cli UI and internal improvements and extensions</p>
</li>
<li>
<p>Do not replace apparmor configuration, fixes bsc#1216545</p>
</li>
</ul>
<p>Update to 2.43.2:</p>
<ul>
<li>https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.txt</li>
<li>Update to a new feature recently added, "git show-ref --exists".</li>
<li>Rename detection logic ignored the final line of a file if it
is an incomplete line.</li>
<li>"git diff --no-rename A B" did not disable rename detection but
did not trigger an error from the command line parser.</li>
<li>"git diff --no-index file1 file2" segfaulted while invoking the
external diff driver, which has been corrected.</li>
<li>A failed "git tag -s" did not necessarily result in an error
depending on the crypto backend, which has been corrected.</li>
<li>"git stash" sometimes was silent even when it failed due to
unwritable index file, which has been corrected.</li>
<li>Recent conversion to allow more than 0/1 in GIT_FLUSH broke the
mechanism by flipping what yes/no means by mistake, which has
been corrected.</li>
</ul>
<p>Update to 2.43.1:</p>
<ul>
<li>
<p>https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.txt</p>
</li>
<li>
<p>gitweb AppArmor profile: allow reading etc/gitweb-common.conf
(bsc#1218664)</p>
</li>
<li>
<p>git moved to /usr/libexec/git/git, update AppArmor profile
accordingly (bsc#1218588)</p>
</li>
</ul>
<p>Update to 2.43.0:</p>
<ul>
<li>The "--rfc" option of "git format-patch" used to be a valid way to
override an earlier "--subject-prefix=<something>" on the command
line and replace it with "[RFC PATCH]", but from this release, it
merely prefixes the string "RFC " in front of the given subject
prefix. If you are negatively affected by this change, please use
"--subject-prefix=PATCH --rfc" as a replacement.</li>
<li>In Git 2.42, "git rev-list --stdin" learned to take non-revisions
(like "--not") from the standard input, but the way such a "--not" was
handled was quite confusing, which has been rethought. The updated
rule is that "--not" given from the command line only affects revs
given from the command line that comes but not revs read from the
standard input, and "--not" read from the standard input affects
revs given from the standard input and not revs given from the
command line.</li>
<li>A message written in olden time prevented a branch from getting
checked out, saying it is already checked out elsewhere. But these
days, we treat a branch that is being bisected or rebased just like
a branch that is checked out and protect it from getting modified
with the same codepath. The message has been rephrased to say that
the branch is "in use" to avoid confusion.</li>
<li>Hourly and other schedules of "git maintenance" jobs are randomly
distributed now.</li>
<li>"git cmd -h" learned to signal which options can be negated by
listing such options like "--[no-]opt".</li>
<li>The way authentication related data other than passwords (e.g.,
oauth token and password expiration data) are stored in libsecret
keyrings has been rethought.</li>
<li>Update the libsecret and wincred credential helpers to correctly
match which credential to erase; they erased the wrong entry in
some cases.</li>
<li>Git GUI updates.</li>
<li>"git format-patch" learned a new "--description-file" option that
lets cover letter description to be fed; this can be used on
detached HEAD where there is no branch description available, and
also can override the branch description if there is one.</li>
<li>Use of the "--max-pack-size" option to allow multiple packfiles to
be created is now supported even when we are sending unreachable
objects to cruft packs.</li>
<li>"git format-patch --rfc --subject-prefix=<foo>" used to ignore the
"--subject-prefix" option and used "[RFC PATCH]"; now we will add
"RFC" prefix to whatever subject prefix is specified.</li>
<li>"git log --format" has been taught the %(decorate) placeholder for
further customization over what the "--decorate" option offers.</li>
<li>The default log message created by "git revert", when reverting a
commit that records a revert, has been tweaked, to encourage people
to describe complex "revert of revert of revert" situations better in
their own words.</li>
<li>The command-line completion support (in contrib/) learned to
complete "git commit --trailer=" for possible trailer keys.</li>
<li>"git update-index" learned the "--show-index-version" option to
inspect the index format version used by the on-disk index file.</li>
<li>"git diff" learned the "diff.statNameWidth" configuration variable,
to give the default width for the name part in the "--stat" output.</li>
<li>"git range-diff --notes=foo" compared "log --notes=foo --notes" of
the two ranges, instead of using just the specified notes tree,
which has been corrected to use only the specified notes tree.</li>
<li>The command line completion script (in contrib/) can be told to
complete aliases by including ": git <cmd> ;" in the alias to tell
it that the alias should be completed in a similar way to how "git
<cmd>" is completed. The parsing code for the alias has been
loosened to allow ';' without an extra space before it.</li>
<li>"git for-each-ref" and friends learned to apply mailmap to
authorname and other fields in a more flexible way than using
separate placeholder letters like %a[eElL] every time we want to
come up with small variants.</li>
<li>"git repack" machinery learned to pay attention to the "--filter="
option.</li>
<li>"git repack" learned the "--max-cruft-size" option to prevent cruft
packs from growing without bounds.</li>
<li>"git merge-tree" learned to take strategy backend specific options
via the "-X" option, like "git merge" does.</li>
<li>"git log" and friends learned the "--dd" option that is a
short-hand for "--diff-merges=first-parent -p".</li>
<li>The attribute subsystem learned to honor the "attr.tree"
configuration variable that specifies which tree to read the
.gitattributes files from.</li>
<li>"git merge-file" learns a mode to read three variants of the
contents to be merged from blob objects.</li>
<li>see https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.0.txt</li>
</ul>
<p>Update 2.42.1:</p>
<ul>
<li>Fix "git diff" exit code handling</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Micro 6.0
<br/>
<code>zypper in -t patch SUSE-SLE-Micro-6.0-48=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
<ul>
<li>perl-Git-2.45.1-1.1</li>
<li>git-debugsource-2.45.1-1.1</li>
<li>git-core-2.45.1-1.1</li>
<li>git-2.45.1-1.1</li>
<li>git-core-debuginfo-2.45.1-1.1</li>
<li>git-debuginfo-2.45.1-1.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2005-4900.html">https://www.suse.com/security/cve/CVE-2005-4900.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2017-14867.html">https://www.suse.com/security/cve/CVE-2017-14867.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-32002.html">https://www.suse.com/security/cve/CVE-2024-32002.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-32004.html">https://www.suse.com/security/cve/CVE-2024-32004.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-32020.html">https://www.suse.com/security/cve/CVE-2024-32020.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-32021.html">https://www.suse.com/security/cve/CVE-2024-32021.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-32465.html">https://www.suse.com/security/cve/CVE-2024-32465.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1042640">https://bugzilla.suse.com/show_bug.cgi?id=1042640</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1061041">https://bugzilla.suse.com/show_bug.cgi?id=1061041</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1069468">https://bugzilla.suse.com/show_bug.cgi?id=1069468</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1082023">https://bugzilla.suse.com/show_bug.cgi?id=1082023</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1216545">https://bugzilla.suse.com/show_bug.cgi?id=1216545</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218588">https://bugzilla.suse.com/show_bug.cgi?id=1218588</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218664">https://bugzilla.suse.com/show_bug.cgi?id=1218664</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1224168">https://bugzilla.suse.com/show_bug.cgi?id=1224168</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1224170">https://bugzilla.suse.com/show_bug.cgi?id=1224170</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1224171">https://bugzilla.suse.com/show_bug.cgi?id=1224171</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1224172">https://bugzilla.suse.com/show_bug.cgi?id=1224172</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1224173">https://bugzilla.suse.com/show_bug.cgi?id=1224173</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=779536">https://bugzilla.suse.com/show_bug.cgi?id=779536</a>
</li>
<li>
<a href="https://jira.suse.com/browse/SLE-17838">https://jira.suse.com/browse/SLE-17838</a>
</li>
</ul>
</div>