Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.704581
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 4581-1 (git - security update)
Summary:The remote host is missing an update for the 'git'; package(s) announced via the DSA-4581-1 advisory.
Description:Summary:
The remote host is missing an update for the 'git'
package(s) announced via the DSA-4581-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in git, a fast, scalable,
distributed revision control system.

CVE-2019-1348
It was reported that the --export-marks option of git fast-import is
exposed also via the in-stream command feature export-marks=...,
allowing to overwrite arbitrary paths.

CVE-2019-1387
It was discovered that submodule names are not validated strictly
enough, allowing very targeted attacks via remote code execution
when performing recursive clones.

CVE-2019-19604
Joern Schneeweisz reported a vulnerability, where a recursive clone
followed by a submodule update could execute code contained within
the repository without the user explicitly having asked for that. It
is now disallowed for `.gitmodules` to have entries that set
`submodule..update=!command`.

In addition this update addresses a number of security issues which are
only an issue if git is operating on an NTFS filesystem (CVE-2019-1349,
CVE-2019-1352 and CVE-2019-1353
).

Affected Software/OS:
'git' package(s) on Debian Linux.

Solution:
For the oldstable distribution (stretch), these problems have been fixed
in version 1:2.11.0-3+deb9u5.

For the stable distribution (buster), these problems have been fixed in
version 1:2.20.1-2+deb10u1.

We recommend that you upgrade your git packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-1348
https://security.gentoo.org/glsa/202003-30
https://security.gentoo.org/glsa/202003-42
https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u
https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/
RedHat Security Advisories: RHSA-2020:0228
https://access.redhat.com/errata/RHSA-2020:0228
SuSE Security Announcement: openSUSE-SU-2020:0123 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
SuSE Security Announcement: openSUSE-SU-2020:0598 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-1349
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349
Common Vulnerability Exposure (CVE) ID: CVE-2019-1352
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352
Common Vulnerability Exposure (CVE) ID: CVE-2019-1353
Common Vulnerability Exposure (CVE) ID: CVE-2019-1387
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6UGTEOXWIYSM5KDZL74QD2GK6YQNQCP/
https://lists.debian.org/debian-lts-announce/2020/01/msg00019.html
RedHat Security Advisories: RHSA-2019:4356
https://access.redhat.com/errata/RHSA-2019:4356
RedHat Security Advisories: RHSA-2020:0002
https://access.redhat.com/errata/RHSA-2020:0002
RedHat Security Advisories: RHSA-2020:0124
https://access.redhat.com/errata/RHSA-2020:0124
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.