Red Hat Local Security Checks : RedHat Update for git RHSA-2013:0589-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.870943

Categoría: Red Hat Local Security Checks

Título: RedHat Update for git RHSA-2013:0589-01

Resumen: The remote host is missing an update for the 'git'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'git'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Git is a fast, scalable, distributed revision control system.

It was discovered that Git's git-imap-send command, a tool to send a
collection of patches from standard input (stdin) to an IMAP folder, did
not properly perform SSL X.509 v3 certificate validation on the IMAP
server`s certificate, as it did not ensure that the server`s hostname
matched the one provided in the CN field of the server's certificate. A
rogue server could use this flaw to conduct man-in-the-middle attacks,
possibly leading to the disclosure of sensitive information.
(CVE-2013-0308)

All git users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Affected Software/OS:
git on Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-0308
1028205
http://www.securitytracker.com/id/1028205
52361
http://secunia.com/advisories/52361
52443
http://secunia.com/advisories/52443
52467
http://secunia.com/advisories/52467
58148
http://www.securityfocus.com/bid/58148
APPLE-SA-2013-09-18-3
http://lists.apple.com/archives/security-announce/2013/Sep/msg00007.html
RHSA-2013:0589
http://rhn.redhat.com/errata/RHSA-2013-0589.html
[ANNOUNCE] 20130220 Git v1.8.1.4
http://marc.info/?l=git&m=136134619013145&w=2
git-gitimapsend-spoofing(82329)
https://exchange.xforce.ibmcloud.com/vulnerabilities/82329
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586
http://support.apple.com/kb/HT5937
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://bugzilla.novell.com/show_bug.cgi?id=804730
https://bugzilla.redhat.com/show_bug.cgi?id=909977
https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.4.txt
openSUSE-SU-2013:0380
http://lists.opensuse.org/opensuse-updates/2013-03/msg00005.html
openSUSE-SU-2013:0382
http://lists.opensuse.org/opensuse-updates/2013-03/msg00007.html

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.870943
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for git RHSA-2013:0589-01
Resumen:	The remote host is missing an update for the 'git'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'git' package(s) announced via the referenced advisory. Vulnerability Insight: Git is a fast, scalable, distributed revision control system. It was discovered that Git's git-imap-send command, a tool to send a collection of patches from standard input (stdin) to an IMAP folder, did not properly perform SSL X.509 v3 certificate validation on the IMAP server`s certificate, as it did not ensure that the server`s hostname matched the one provided in the CN field of the server's certificate. A rogue server could use this flaw to conduct man-in-the-middle attacks, possibly leading to the disclosure of sensitive information. (CVE-2013-0308) All git users should upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: git on Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0308 1028205 http://www.securitytracker.com/id/1028205 52361 http://secunia.com/advisories/52361 52443 http://secunia.com/advisories/52443 52467 http://secunia.com/advisories/52467 58148 http://www.securityfocus.com/bid/58148 APPLE-SA-2013-09-18-3 http://lists.apple.com/archives/security-announce/2013/Sep/msg00007.html RHSA-2013:0589 http://rhn.redhat.com/errata/RHSA-2013-0589.html [ANNOUNCE] 20130220 Git v1.8.1.4 http://marc.info/?l=git&m=136134619013145&w=2 git-gitimapsend-spoofing(82329) https://exchange.xforce.ibmcloud.com/vulnerabilities/82329 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586 http://support.apple.com/kb/HT5937 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://bugzilla.novell.com/show_bug.cgi?id=804730 https://bugzilla.redhat.com/show_bug.cgi?id=909977 https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.4.txt openSUSE-SU-2013:0380 http://lists.opensuse.org/opensuse-updates/2013-03/msg00005.html openSUSE-SU-2013:0382 http://lists.opensuse.org/opensuse-updates/2013-03/msg00007.html
Copyright	Copyright (C) 2013 Greenbone AG