Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2013:0589
HistoryMar 04, 2013 - 10:46 p.m.

emacs, git, gitk, gitweb, perl security update

2013-03-0422:46:35
CentOS Project
lists.centos.org
59

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.8%

JSON

CentOS Errata and Security Advisory CESA-2013:0589

Git is a fast, scalable, distributed revision control system.

It was discovered that Git’s git-imap-send command, a tool to send a
collection of patches from standard input (stdin) to an IMAP folder, did
not properly perform SSL X.509 v3 certificate validation on the IMAP
server’s certificate, as it did not ensure that the server’s hostname
matched the one provided in the CN field of the server’s certificate. A
rogue server could use this flaw to conduct man-in-the-middle attacks,
possibly leading to the disclosure of sensitive information.
(CVE-2013-0308)

All git users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-March/081780.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-March/027088.html

Affected packages:
emacs-git
emacs-git-el
git
git-all
git-cvs
git-daemon
git-email
git-gui
git-svn
gitk
gitweb
perl-Git

Upstream details at:
https://access.redhat.com/errata/RHSA-2013:0589

Related

redhat 1
nessus 8
debiancve 1
veracode 1
securityvulns 2
openvas 10
altlinux 2
cve 1
fedora 2
prion 1
cvelist 1
ubuntucve 1
oraclelinux 2
redhat
redhat
(RHSA-2013:0589) Moderate: git security update
2013-03-04 00:00:00
nessus
nessus
openSUSE Security Update : git (openSUSE-SU-2013:0380-1)
2014-06-13 00:00:00
RHEL 6 : git (RHSA-2013:0589)
2013-03-05 00:00:00
Scientific Linux Security Update : git on SL6.x i386/x86_64 (20130304)
2013-03-05 00:00:00
debiancve
debiancve
CVE-2013-0308
2013-03-08 21:55:00
veracode
veracode
Man-in-the-middle Attack
2019-01-15 08:58:58
securityvulns
securityvulns
APPLE-SA-2013-09-18-3 Xcode 5.0
2013-10-02 00:00:00
git / Apple Xcode certificate spoofing
2013-10-02 00:00:00
openvas
openvas
Fedora Update for git FEDORA-2013-2829
2013-03-05 00:00:00
Fedora Update for git FEDORA-2013-2763
2013-03-05 00:00:00
RedHat Update for git RHSA-2013:0589-01
2013-03-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package git version 1.8.1.4-alt1
2013-02-22 00:00:00
Security fix for the ALT Linux 10 package git version 1.8.1.4-alt1
2013-02-22 00:00:00
cve
cve
CVE-2013-0308
2013-03-08 21:55:00
fedora
fedora
[SECURITY] Fedora 18 Update: git-1.8.1.4-1.fc18
2013-03-02 20:04:27
[SECURITY] Fedora 17 Update: git-1.7.11.7-3.fc17
2013-03-02 20:05:44
prion
prion
Command injection
2013-03-08 21:55:00
cvelist
cvelist
CVE-2013-0308
2013-03-08 21:00:00
ubuntucve
ubuntucve
CVE-2013-0308
2013-03-08 00:00:00
oraclelinux
oraclelinux
git security update
2013-03-04 00:00:00
git security update
2016-03-23 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.8%

JSON
Related for CESA-2013:0589
redhat1nessus8debiancve1veracode1securityvulns2openvas10altlinux2cve1fedora2prion1cvelist1ubuntucve1oraclelinux2