
Test ID:
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 4581-1 (git - security update)
Summary: The remote host is missing an update for the 'git' package(s) announced via the DSA-4581-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in git, a fast, scalable,
distributed revision control system.

It was reported that the --export-marks option of git fast-import is
also exposed via the in-stream command feature export-marks=...,
allowing arbitrary paths to be overwritten.

It was discovered that submodule names are not validated strictly
enough, allowing very targeted attacks via remote code execution
when performing recursive clones.

Joern Schneeweisz reported a vulnerability, where a recursive clone
followed by a submodule update could execute code contained within
the repository without the user explicitly having asked for that. It
is now disallowed for `.gitmodules` to have entries that set

In addition, this update addresses a number of security issues which are
only an issue if git is operating on an NTFS filesystem (CVE-2019-1349,
CVE-2019-1352 and CVE-2019-1353).

Affected Software/OS:
'git' package(s) on Debian Linux.

For the oldstable distribution (stretch), these problems have been fixed
in version 1:2.11.0-3+deb9u5.

For the stable distribution (buster), these problems have been fixed in
version 1:2.20.1-2+deb10u1.

We recommend that you upgrade your git packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-1348
RedHat Security Advisories: RHSA-2020:0228
SuSE Security Announcement: openSUSE-SU-2020:0123
SuSE Security Announcement: openSUSE-SU-2020:0598
Common Vulnerability Exposure (CVE) ID: CVE-2019-1349
Common Vulnerability Exposure (CVE) ID: CVE-2019-1352
Common Vulnerability Exposure (CVE) ID: CVE-2019-1353
Common Vulnerability Exposure (CVE) ID: CVE-2019-1387
RedHat Security Advisories: RHSA-2019:4356
RedHat Security Advisories: RHSA-2020:0002
RedHat Security Advisories: RHSA-2020:0124
Copyright: Copyright (C) 2019 Greenbone Networks GmbH

© 1998-2022 E-Soft Inc. All rights reserved.