OpenSUSE Linux update for libgit2

Published: 2019-01-14 13:15:13
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-19456
CVSSv3 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software Opensuse
Vulnerable software versions Opensuse 42.3
Vendor URL Novell

Security Advisory

1) Input validation error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote unauthenticated attacker can trick the victim into opening a specially crafted .gitmodules file and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Update the affected packages.

External links

https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00006.html

Back to List