 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.885727 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora: Security Advisory (FEDORA-2024-8ba389815f) |
| Summary: | The remote host is missing an update for the 'rust-asyncgit, rust-bat, rust-cargo-c, rust-eza, rust-git2, rust-git-absorb, rust-git-delta, rust-gitui, rust-libgit2-sys, rust-lsd, rust-pore, rust-pretty-git-prompt, rust-shadow-rs, rust-silver, rust-tokei, rust-vergen' package(s) announced via the FEDORA-2024-8ba389815f advisory. |
| Description: | Summary: The remote host is missing an update for the 'rust-asyncgit, rust-bat, rust-cargo-c, rust-eza, rust-git2, rust-git-absorb, rust-git-delta, rust-gitui, rust-libgit2-sys, rust-lsd, rust-pore, rust-pretty-git-prompt, rust-shadow-rs, rust-silver, rust-tokei, rust-vergen' package(s) announced via the FEDORA-2024-8ba389815f advisory. Vulnerability Insight: - Update the git2 crate to version 0.18.2. - Update the libgit2-sys crate to version 0.16.2. Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577. Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications. Affected Software/OS: 'rust-asyncgit, rust-bat, rust-cargo-c, rust-eza, rust-git2, rust-git-absorb, rust-git-delta, rust-gitui, rust-libgit2-sys, rust-lsd, rust-pore, rust-pretty-git-prompt, rust-shadow-rs, rust-silver, rust-tokei, rust-vergen' package(s) on Fedora 39. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2024-24575 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGNHOEE2RBLH7KCJUPUNYG4CDTW4HTBT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7/ https://github.com/libgit2/libgit2/commit/add2dabb3c16aa49b33904dcdc07cd915efc12fa https://github.com/libgit2/libgit2/releases/tag/v1.6.5 https://github.com/libgit2/libgit2/releases/tag/v1.7.2 https://github.com/libgit2/libgit2/security/advisories/GHSA-54mf-x2rh-hq9v Common Vulnerability Exposure (CVE) ID: CVE-2024-24577 https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8 https://lists.debian.org/debian-lts-announce/2024/02/msg00012.html |
| Copyright | Copyright (C) 2024 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |