Test ID: 1.3.6.1.4.1.25623.1.1.10.2019.0393
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2019-0393)
Summary: The remote host is missing an update for the 'git' package(s) announced via the MGASA-2019-0393 advisory.
Description:

Vulnerability Insight:
The updated packages fix security vulnerabilities:

The --export-marks option of git fast-import is exposed also via the
in-stream command feature export-marks=... and it allows overwriting
arbitrary paths. (CVE-2019-1348)

When submodules are cloned recursively, under certain circumstances Git
could be fooled into using the same Git directory twice. We now require
the directory to be empty. (CVE-2019-1349)

Recursive clones are currently affected by a vulnerability that is caused
by too-lax validation of submodule names, allowing very targeted attacks
via remote code execution in recursive clones. (CVE-2019-1387)

Arbitrary command execution is possible in Git before 2.21.1,
because a 'git submodule update' operation can run commands found in the
.gitmodules file of a malicious repository. (CVE-2019-19604)

Affected Software/OS:
'git' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2019-1348
https://security.gentoo.org/glsa/202003-30
https://security.gentoo.org/glsa/202003-42
https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u
https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/
RedHat Security Advisories: RHSA-2020:0228
https://access.redhat.com/errata/RHSA-2020:0228
SuSE Security Announcement: openSUSE-SU-2020:0123
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
SuSE Security Announcement: openSUSE-SU-2020:0598
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

Common Vulnerability Exposure (CVE) ID: CVE-2019-1349
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349

Common Vulnerability Exposure (CVE) ID: CVE-2019-1387
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6UGTEOXWIYSM5KDZL74QD2GK6YQNQCP/
https://lists.debian.org/debian-lts-announce/2020/01/msg00019.html
RedHat Security Advisories: RHSA-2019:4356
https://access.redhat.com/errata/RHSA-2019:4356
RedHat Security Advisories: RHSA-2020:0002
https://access.redhat.com/errata/RHSA-2020:0002
RedHat Security Advisories: RHSA-2020:0124
https://access.redhat.com/errata/RHSA-2020:0124

Common Vulnerability Exposure (CVE) ID: CVE-2019-19604
Debian Security Information: DSA-4581
https://www.debian.org/security/2019/dsa-4581
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCYSSCA5ZTEP46SB4XRPSQGFV2L3NKMZ/
https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md
http://www.openwall.com/lists/oss-security/2019/12/13/1

Copyright: Copyright (C) 2022 Greenbone AG