libgit2-1.5.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12632 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libgit2-1.5.1-1.1 on GA media These are all security issues fixed in the libgit2-1.5.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12632 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12632 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-22742/ SUSE CVE CVE-2023-22742 page openSUSE Tumbleweed libgit2-1.5.1-1.1 libgit2-1_5-1.5.1-1.1 libgit2-devel-1.5.1-1.1 libgit2-1.5.1-1.1 as a component of openSUSE Tumbleweed libgit2-1_5-1.5.1-1.1 as a component of openSUSE Tumbleweed libgit2-devel-1.5.1-1.1 as a component of openSUSE Tumbleweed libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks` structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked. CVE-2023-22742 openSUSE Tumbleweed:libgit2-1.5.1-1.1 openSUSE Tumbleweed:libgit2-1_5-1.5.1-1.1 openSUSE Tumbleweed:libgit2-devel-1.5.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-22742.html CVE-2023-22742 https://bugzilla.suse.com/1207364 SUSE Bug 1207364