openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:0057-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.833676

Category: openSUSE Local Security Checks

Title: openSUSE Security Advisory (SUSE-SU-2024:0057-1)

Summary: The remote host is missing an update for the 'eclipse-jgit, jsch' package(s) announced via the SUSE-SU-2024:0057-1 advisory.

Description: Summary:
The remote host is missing an update for the 'eclipse-jgit, jsch' package(s) announced via the SUSE-SU-2024:0057-1 advisory.

Vulnerability Insight:
This update for eclipse-jgit, jsch fixes the following issues:

Security fix:
- CVE-2023-4759: Fixed an arbitrary file overwrite which might have occurred with a specially crafted git repository and a case-insensitive filesystem. (bsc#1215298)

Other fixes:
jsch was updated to version 0.2.9:
- Added support for various algorithms
- Migrated from `com.jcraft:jsch` to `com.github.mwiede:jsch` fork (bsc#1211955):
* Alias to the old artifact since the new one is drop-in
replacement
* Keep the old OSGi bundle symbolic name to avoid extensive
patching of eclipse stack
- Updated to version 0.2.9:
* For the full list of changes please consult the upstream changelogs below for each version updated:
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]
+ [link moved to references]

eclipse-jgit:

- Craft the jgit script from the real Main class of the jar file instead of using a jar launcher (bsc#1209646)

Affected Software/OS:
'eclipse-jgit, jsch' package(s) on openSUSE Leap 15.4, openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2023-4759
https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11
https://projects.eclipse.org/projects/technology.jgit/releases/6.6.1

Copyright Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.833676
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (SUSE-SU-2024:0057-1)
Summary:	The remote host is missing an update for the 'eclipse-jgit, jsch' package(s) announced via the SUSE-SU-2024:0057-1 advisory.
Description:	Summary: The remote host is missing an update for the 'eclipse-jgit, jsch' package(s) announced via the SUSE-SU-2024:0057-1 advisory. Vulnerability Insight: This update for eclipse-jgit, jsch fixes the following issues: Security fix: - CVE-2023-4759: Fixed an arbitrary file overwrite which might have occurred with a specially crafted git repository and a case-insensitive filesystem. (bsc#1215298) Other fixes: jsch was updated to version 0.2.9: - Added support for various algorithms - Migrated from `com.jcraft:jsch` to `com.github.mwiede:jsch` fork (bsc#1211955): * Alias to the old artifact since the new one is drop-in replacement * Keep the old OSGi bundle symbolic name to avoid extensive patching of eclipse stack - Updated to version 0.2.9: * For the full list of changes please consult the upstream changelogs below for each version updated: + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] + [link moved to references] eclipse-jgit: - Craft the jgit script from the real Main class of the jar file instead of using a jar launcher (bsc#1209646) Affected Software/OS: 'eclipse-jgit, jsch' package(s) on openSUSE Leap 15.4, openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-4759 https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11 https://projects.eclipse.org/projects/technology.jgit/releases/6.6.1
Copyright	Copyright (C) 2024 Greenbone AG