Bugzilla – Bug 1224170
VUL-0: CVE-2024-32004: git: arbitrary code execution during local clones
Last modified: 2024-07-12 16:30:56 UTC
Public now. Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-32004
https://build.opensuse.org/request/show/1174111
Tumbleweed: https://build.opensuse.org/request/show/1174145
SUSE-SU-2024:1807-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1224168, 1224170, 1224171, 1224172, 1224173 CVE References: CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465 Maintenance Incident: [SUSE:Maintenance:33869](https://smelt.suse.de/incident/33869/) Sources used: openSUSE Leap 15.5 (src): git-2.35.3-150300.10.39.1 SUSE Linux Enterprise Micro 5.5 (src): git-2.35.3-150300.10.39.1 Basesystem Module 15-SP5 (src): git-2.35.3-150300.10.39.1 Development Tools Module 15-SP5 (src): git-2.35.3-150300.10.39.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): git-2.35.3-150300.10.39.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): git-2.35.3-150300.10.39.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): git-2.35.3-150300.10.39.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): git-2.35.3-150300.10.39.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): git-2.35.3-150300.10.39.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): git-2.35.3-150300.10.39.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): git-2.35.3-150300.10.39.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): git-2.35.3-150300.10.39.1 SUSE Manager Proxy 4.3 (src): git-2.35.3-150300.10.39.1 SUSE Manager Retail Branch Server 4.3 (src): git-2.35.3-150300.10.39.1 SUSE Manager Server 4.3 (src): git-2.35.3-150300.10.39.1 SUSE Enterprise Storage 7.1 (src): git-2.35.3-150300.10.39.1 openSUSE Leap 15.3 (src): git-2.35.3-150300.10.39.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2277-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1224168, 1224170, 1224171, 1224172, 1224173 CVE References: CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465 Maintenance Incident: [SUSE:Maintenance:34509](https://smelt.suse.de/incident/34509/) Sources used: Basesystem Module 15-SP6 (src): git-2.43.0-150600.3.3.1 Development Tools Module 15-SP6 (src): git-2.43.0-150600.3.3.1 openSUSE Leap 15.6 (src): git-2.43.0-150600.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1807-2: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1224168, 1224170, 1224171, 1224172, 1224173 CVE References: CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465 Maintenance Incident: [SUSE:Maintenance:33869](https://smelt.suse.de/incident/33869/) Sources used: SUSE Linux Enterprise Micro 5.5 (src): git-2.35.3-150300.10.39.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.