 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2019.0391 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2019-0391) |
| Zusammenfassung: | The remote host is missing an update for the 'libgit2' package(s) announced via the MGASA-2019-0391 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'libgit2' package(s) announced via the MGASA-2019-0391 advisory. Vulnerability Insight: libgit2 has been updated to version 0.28.4 to fix several security issues: * A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service. * CVE-2019-1348: the fast-import stream command 'feature export-marks=path' allows writing to arbitrary file paths. As libgit2 does not offer any interface for fast-import, it is not susceptible to this vulnerability. * CVE-2019-1350: recursive clones may lead to arbitrary remote code executing due to improper quoting of command line arguments. As libgit2 uses libssh2, which does not require us to perform command line parsing, it is not susceptible to this vulnerability. * CVE-2019-1387: it is possible to let a submodule's git directory point into a sibling's submodule directory, which may result in overwriting parts of the Git repository and thus lead to arbitrary command execution. As libgit2 doesn't provide any way to do submodule clones natively, it is not susceptible to this vulnerability. Users of libgit2 that have implemented recursive submodule clones manually are encouraged to review their implementation for this vulnerability. Affected Software/OS: 'libgit2' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-1348 https://security.gentoo.org/glsa/202003-30 https://security.gentoo.org/glsa/202003-42 https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/ RedHat Security Advisories: RHSA-2020:0228 https://access.redhat.com/errata/RHSA-2020:0228 SuSE Security Announcement: openSUSE-SU-2020:0123 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html SuSE Security Announcement: openSUSE-SU-2020:0598 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2019-1350 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350 Common Vulnerability Exposure (CVE) ID: CVE-2019-1387 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6UGTEOXWIYSM5KDZL74QD2GK6YQNQCP/ https://lists.debian.org/debian-lts-announce/2020/01/msg00019.html RedHat Security Advisories: RHSA-2019:4356 https://access.redhat.com/errata/RHSA-2019:4356 RedHat Security Advisories: RHSA-2020:0002 https://access.redhat.com/errata/RHSA-2020:0002 RedHat Security Advisories: RHSA-2020:0124 https://access.redhat.com/errata/RHSA-2020:0124 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |