Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.892059
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for git (DLA-2059-1)
Summary:The remote host is missing an update for the 'git'; package(s) announced via the DLA-2059-1 advisory.
Description:Summary:
The remote host is missing an update for the 'git'
package(s) announced via the DLA-2059-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in git, a fast, scalable,
distributed revision control system.

CVE-2019-1348

It was reported that the --export-marks option of git fast-import is
exposed also via the in-stream command feature export-marks=...,
allowing to overwrite arbitrary paths.

CVE-2019-1387

It was discovered that submodule names are not validated strictly
enough, allowing very targeted attacks via remote code execution
when performing recursive clones.

In addition this update addresses a number of security issues which are
only an issue if git is operating on an NTFS filesystem (CVE-2019-1349,
CVE-2019-1352 and CVE-2019-1353).

Affected Software/OS:
'git' package(s) on Debian Linux.

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
1:2.1.4-2.1+deb8u8.

We recommend that you upgrade your git packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-1348
https://security.gentoo.org/glsa/202003-30
https://security.gentoo.org/glsa/202003-42
https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u
https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/
RedHat Security Advisories: RHSA-2020:0228
https://access.redhat.com/errata/RHSA-2020:0228
SuSE Security Announcement: openSUSE-SU-2020:0123 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
SuSE Security Announcement: openSUSE-SU-2020:0598 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-1349
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349
Common Vulnerability Exposure (CVE) ID: CVE-2019-1352
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352
Common Vulnerability Exposure (CVE) ID: CVE-2019-1353
Common Vulnerability Exposure (CVE) ID: CVE-2019-1387
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6UGTEOXWIYSM5KDZL74QD2GK6YQNQCP/
https://lists.debian.org/debian-lts-announce/2020/01/msg00019.html
RedHat Security Advisories: RHSA-2019:4356
https://access.redhat.com/errata/RHSA-2019:4356
RedHat Security Advisories: RHSA-2020:0002
https://access.redhat.com/errata/RHSA-2020:0002
RedHat Security Advisories: RHSA-2020:0124
https://access.redhat.com/errata/RHSA-2020:0124
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.