Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-6793-2)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.12.2024.6793.2

Category: Ubuntu Local Security Checks

Title: Ubuntu: Security Advisory (USN-6793-2)

Summary: The remote host is missing an update for the 'git' package(s) announced via the USN-6793-2 advisory.

Description: Summary:
The remote host is missing an update for the 'git' package(s) announced via the USN-6793-2 advisory.

Vulnerability Insight:
USN-6793-1 fixed vulnerabilities in Git. The CVE-2024-32002 was pending further
investigation. This update fixes the problem.

Original advisory details:

It was discovered that Git incorrectly handled certain submodules.
An attacker could possibly use this issue to execute arbitrary code.
This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2024-32002)

Affected Software/OS:
'git' package(s) on Ubuntu 20.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.6

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2024-32002
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/
https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt
https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks
https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d
https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv
http://www.openwall.com/lists/oss-security/2024/05/14/2

Copyright Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.12.2024.6793.2
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-6793-2)
Summary:	The remote host is missing an update for the 'git' package(s) announced via the USN-6793-2 advisory.
Description:	Summary: The remote host is missing an update for the 'git' package(s) announced via the USN-6793-2 advisory. Vulnerability Insight: USN-6793-1 fixed vulnerabilities in Git. The CVE-2024-32002 was pending further investigation. This update fixes the problem. Original advisory details: It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2024-32002) Affected Software/OS: 'git' package(s) on Ubuntu 20.04. Solution: Please install the updated package(s). CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-32002 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/ https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv http://www.openwall.com/lists/oss-security/2024/05/14/2
Copyright	Copyright (C) 2024 Greenbone AG