Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2020-0045-1.NASLHistoryJan 09, 2020 - 12:00 a.m.
SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:0045-1)
2020-01-0900:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
8.1 High
AI Score
Confidence
Low
This update for git fixes the following issues :
Security issues fixed :
CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787).
CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795).
CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793).
CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792).
CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791).
CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790).
CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789).
CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788).
CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=… and it allows overwriting arbitrary paths (bsc#1158785).
Fixes an issue where git send-email failed to authenticate with SMTP server (bsc#1082023)
Bug fixes: Add zlib dependency, which used to be provided by openssl-devel, so that package can compile successfully after openssl upgrade to 1.1.1. (bsc#1149792).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2020:0045-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(132745);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/01");
script_cve_id(
"CVE-2019-1348",
"CVE-2019-1349",
"CVE-2019-1350",
"CVE-2019-1351",
"CVE-2019-1352",
"CVE-2019-1353",
"CVE-2019-1354",
"CVE-2019-1387",
"CVE-2019-19604"
);
script_name(english:"SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:0045-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for git fixes the following issues :
Security issues fixed :
CVE-2019-1349: Fixed issue on Windows, when submodules are cloned
recursively, under certain circumstances Git could be fooled into
using the same Git directory twice (bsc#1158787).
CVE-2019-19604: Fixed a recursive clone followed by a submodule update
could execute code contained within the repository without the user
explicitly having asked for that (bsc#1158795).
CVE-2019-1387: Fixed recursive clones that are currently affected by a
vulnerability that is caused by too-lax validation of submodule names,
allowing very targeted attacks via remote code execution in recursive
clones (bsc#1158793).
CVE-2019-1354: Fixed issue on Windows that refuses to write tracked
files with filenames that contain backslashes (bsc#1158792).
CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux
while accessing a working directory on a regular Windows drive, none
of the NTFS protections were active (bsc#1158791).
CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate
Data Streams (bsc#1158790).
CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside
of the US-English alphabet as relative paths (bsc#1158789).
CVE-2019-1350: Fixed incorrect quoting of command-line arguments
allowed remote code execution during a recursive clone in conjunction
with SSH URLs (bsc#1158788).
CVE-2019-1348: Fixed the --export-marks option of fast-import is
exposed also via the in-stream command feature export-marks=... and it
allows overwriting arbitrary paths (bsc#1158785).
Fixes an issue where git send-email failed to authenticate with SMTP
server (bsc#1082023)
Bug fixes: Add zlib dependency, which used to be provided by
openssl-devel, so that package can compile successfully after openssl
upgrade to 1.1.1. (bsc#1149792).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082023");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1149792");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158785");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158787");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158788");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158789");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158790");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158791");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158792");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158793");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158795");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1348/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1349/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1350/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1351/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1352/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1353/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1354/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1387/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-19604/");
# https://www.suse.com/support/update/announcement/2020/suse-su-20200045-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e867966f");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1:zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-45=1
SUSE Linux Enterprise Module for Open Buildservice Development Tools
15:zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-2020-45=1
SUSE Linux Enterprise Module for Development Tools 15-SP1:zypper in -t
patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-45=1
SUSE Linux Enterprise Module for Development Tools 15:zypper in -t
patch SUSE-SLE-Module-Development-Tools-15-2020-45=1
SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-SP1-2020-45=1
SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-2020-45=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-1353");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/11");
script_set_attribute(attribute:"patch_publication_date", value:"2020/01/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-arch");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-libsecret");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-libsecret-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-cvs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-daemon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-daemon-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-email");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-gui");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-p4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-svn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-svn-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-web");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gitk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0/1", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-arch-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-core-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-core-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-gnome-keyring-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-gnome-keyring-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-libsecret-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-libsecret-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-cvs-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-daemon-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-daemon-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-email-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-gui-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-p4-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-svn-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-svn-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"git-web-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"gitk-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-arch-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-core-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-core-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-credential-gnome-keyring-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-credential-gnome-keyring-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-credential-libsecret-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-credential-libsecret-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-cvs-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-daemon-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-daemon-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-email-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-gui-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-p4-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-svn-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-svn-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"git-web-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"gitk-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-arch-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-core-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-core-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-gnome-keyring-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-gnome-keyring-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-libsecret-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-libsecret-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-cvs-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-daemon-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-daemon-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-email-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-gui-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-p4-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-svn-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-svn-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"git-web-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"gitk-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-arch-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-core-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-core-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-credential-gnome-keyring-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-credential-gnome-keyring-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-credential-libsecret-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-credential-libsecret-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-cvs-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-daemon-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-daemon-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-email-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-gui-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-p4-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-svn-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-svn-debuginfo-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"git-web-2.16.4-3.17.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"gitk-2.16.4-3.17.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | git-core | p-cpe:/a:novell:suse_linux:git-core |
| novell | suse_linux | git-core-debuginfo | p-cpe:/a:novell:suse_linux:git-core-debuginfo |
| novell | suse_linux | git-credential-gnome-keyring | p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring |
| novell | suse_linux | git-credential-gnome-keyring-debuginfo | p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring-debuginfo |
| novell | suse_linux | git-credential-libsecret | p-cpe:/a:novell:suse_linux:git-credential-libsecret |
| novell | suse_linux | git-credential-libsecret-debuginfo | p-cpe:/a:novell:suse_linux:git-credential-libsecret-debuginfo |
| novell | suse_linux | git-cvs | p-cpe:/a:novell:suse_linux:git-cvs |
| novell | suse_linux | git-daemon | p-cpe:/a:novell:suse_linux:git-daemon |
| novell | suse_linux | git-daemon-debuginfo | p-cpe:/a:novell:suse_linux:git-daemon-debuginfo |
| novell | suse_linux | git-debuginfo | p-cpe:/a:novell:suse_linux:git-debuginfo |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1348
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1387
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19604
www.nessus.org/u?e867966f
bugzilla.suse.com/show_bug.cgi?id=1082023
bugzilla.suse.com/show_bug.cgi?id=1149792
bugzilla.suse.com/show_bug.cgi?id=1158785
bugzilla.suse.com/show_bug.cgi?id=1158787
bugzilla.suse.com/show_bug.cgi?id=1158788
bugzilla.suse.com/show_bug.cgi?id=1158789
bugzilla.suse.com/show_bug.cgi?id=1158790
bugzilla.suse.com/show_bug.cgi?id=1158791
bugzilla.suse.com/show_bug.cgi?id=1158792
bugzilla.suse.com/show_bug.cgi?id=1158793
bugzilla.suse.com/show_bug.cgi?id=1158795
www.suse.com/security/cve/CVE-2019-1348/
www.suse.com/security/cve/CVE-2019-1349/
www.suse.com/security/cve/CVE-2019-1350/
www.suse.com/security/cve/CVE-2019-1351/
www.suse.com/security/cve/CVE-2019-1352/
www.suse.com/security/cve/CVE-2019-1353/
www.suse.com/security/cve/CVE-2019-1354/
www.suse.com/security/cve/CVE-2019-1387/
www.suse.com/security/cve/CVE-2019-19604/
Related
openvas
openvas
Fedora Update for git FEDORA-2019-1cec196e20
2020-01-08 00:00:00
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2020-1151)
2020-02-25 00:00:00
Fedora Update for git FEDORA-2019-c841bcc3b9
2020-01-09 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: git-2.21.1-1.fc30
2020-01-04 22:16:13
[SECURITY] Fedora 31 Update: git-2.24.1-1.fc31
2019-12-18 01:56:26
[SECURITY] Fedora 31 Update: libgit2-0.28.4-1.fc31
2019-12-17 01:46:03
nessus
nessus
GLSA-202003-30 : Git: Multiple vulnerabilities
2020-03-16 00:00:00
SUSE SLES12 Security Update : git (SUSE-SU-2019:3311-1)
2019-12-17 00:00:00
EulerOS 2.0 SP8 : git (EulerOS-SA-2020-1151)
2020-02-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package git version 2.24.1-alt1
2019-12-12 00:00:00
Security fix for the ALT Linux 10 package git version 2.24.1-alt1
2019-12-08 00:00:00
suse
suse
Security update for git (important)
2020-01-29 00:00:00
Security update for git (moderate)
2020-05-02 00:00:00
cloudfoundry
cloudfoundry
USN-4220-1: Git vulnerabilities | Cloud Foundry
2019-12-18 00:00:00
amazon
amazon
gentoo
gentoo
Git: Multiple vulnerabilities
2020-03-15 00:00:00
libgit2: Multiple vulnerabilities
2020-03-19 00:00:00
ubuntu
ubuntu
Git vulnerabilities
2019-12-10 00:00:00
oraclelinux
oraclelinux
git security update
2019-12-19 00:00:00
git security update
2020-01-16 00:00:00
debian
debian
[SECURITY] [DSA 4581-1] git security update
2019-12-10 19:56:55
[SECURITY] [DSA 4581-1] git security update
2019-12-10 19:56:55
[SECURITY] [DLA 2059-1] git security update
2020-01-23 14:27:34
archlinux
archlinux
[ASA-201912-6] git: arbitrary code execution
2019-12-18 00:00:00
[ASA-201912-5] libgit2: arbitrary code execution
2019-12-18 00:00:00
osv
osv
git - security update
2020-01-06 00:00:00
CVE-2019-1349
2020-01-24 21:15:12
CVE-2019-1354
2020-01-24 21:15:12
prion
prion
Remote code execution
2020-01-24 21:15:00
Remote code execution
2020-01-24 21:15:00
Remote code execution
2020-01-24 21:15:00
cve
cve
debiancve
debiancve
alpinelinux
alpinelinux
redhatcve
redhatcve
ubuntucve
ubuntucve
kaspersky
kaspersky
KLA11618 Multiple vulnerabilities in Microsoft Developer Tools
2019-12-10 00:00:00
mageia
mageia
Updated git packages fix security vulnerabilities
2019-12-15 21:03:05
Updated libgit2 packages fix security vulnerabilities
2019-12-15 21:03:05
redhat
redhat
(RHSA-2020:0002) Important: rh-git218-git security update
2020-01-02 08:21:54
(RHSA-2019:4356) Important: git security update
2019-12-19 18:18:24
(RHSA-2020:0228) Important: git security update
2020-01-27 08:04:40
qualysblog
qualysblog
threatpost
threatpost
Microsoft Zaps Actively Exploited Zero-Day Bug
2019-12-10 21:21:24
symantec
symantec
Git CVE-2019-19604 Arbitrary Code Execution Vulnerability
2019-12-10 00:00:00
veracode
veracode
Arbitrary Command Execution
2020-05-10 23:24:41
Arbitrary Path Overwriting
2019-12-20 00:15:19
Remote Code Execution (RCE)
2020-05-10 23:22:09
mscve
mscve
Git for Visual Studio Remote Code Execution Vulnerability
2019-12-10 08:00:00
Git for Visual Studio Remote Code Execution Vulnerability
2019-12-10 08:00:00
Git for Visual Studio Tampering Vulnerability
2019-12-10 08:00:00
centos
centos
emacs, git, gitk, gitweb, perl security update
2020-01-18 14:51:34
ibm
ibm
freebsd
freebsd
Gitlab -- Multiple Vulnerabilities
2019-12-10 00:00:00
apple
apple
About the security content of Xcode 11.2
2019-10-31 00:00:00
About the security content of Xcode 11.2 - Apple Support
2020-02-03 09:54:35