Overview
Security update for libgit2

This update for libgit2 to version 0.26.5 fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of
bound read, allowing to read the base object, which could be exploited by
an attacker to cause denial of service (DoS) (bsc#1100613).
- CVE-2018-10888: Fixed an out-of-bound read while reading a binary delta file,
which could be exploited by an attacker t ocause a denial of service (DoS)
(bsc#1100612).
- CVE-2018-11235: Fixed a remote code execution, which could occur with a
crafted .gitmodules file (bsc#1095219)
- CVE-2018-15501: Prevent out-of-bounds reads when processing smart-protocol "ng" packets
(bsc#1104641)

This update was imported from the SUSE:SLE-15:Update update project.

Fixed bugs
bnc#1095219
VUL-0: CVE-2018-11235: git,libgit2: arbitrary code execution when recursively cloning a malicious repository
bnc#1100612
VUL-0: CVE-2018-10888: libgit2: an improper input validation leads to an out-of-bound read in git_delta_apply, allowing to read beyond delta limits
bnc#1100613
VUL-0: CVE-2018-10887: libgit2: integer overflow leads to out-of-bounds read in git_delta_apply, allowing to read before base array
bnc#1104641
VUL-0: libgit2: out-of-bounds reads when processing smart-protocol "ng" packets
CVE-2018-11235
CVE-2018-10888
CVE-2018-10887
CVE-2018-15501
Selected Binaries
openSUSE Build Service is sponsored by
Places