[SECURITY] [DSA 4311-1] git security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4311-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 05, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4311-1] git security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4311-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 05, 2018 https://www.debian.org/security/faq -...

Git Submodule - Arbitrary Code Execution (PoC)

Git Submodule - Arbitrary Code Execution PoC These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git parses the...

Git Submodule - Arbitrary Code Execution (PoC)

These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git parses the supplied .gitmodules file for a URL field an...

Libgit2 -- multiple vulnerabilities

The Git community reports: Multiple vulnerabilities...

DSA-4311-1 git - security update

Bulletin has no description...

DLA-1533-1 git - security update

Bulletin has no description...

DarkSpiritz - A Penetration Testing Framework For UNIX Systems

What is DarkSpiritz? Created by the SecTel Team it was a project of one of the owners to update and clean-up an older pentesting framework he had created to something updated and modern. DarkSpiritz is a re-vamp of the very popular framework known as "Roxysploit". You may be familiar with this...

Debian: Security Advisory (DSA-4311-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google PDFium JBIG2 image ComposeToOpt2WithRect information disclosure vulnerability

Summary An exploitable out-of-bounds read on the heap vulnerability exists in the JBIG2 parsing code of Google Chrome version 67.0.3396.99. A specially crafted PDF document can trigger an out-of-bounds read, which can possibly lead to an information leak that could be used as part of an exploit. ...

Security fix for the ALT Linux 8 package git version 2.17.2-alt1

Sept. 27, 2018 Dmitry V. Levin 2.17.2-alt1 - 2.17.1 - 2.17.2 fixes: CVE-2018-17456...

Security fix for the ALT Linux 10 package git version 2.17.2-alt1

Sept. 27, 2018 Dmitry V. Levin 2.17.2-alt1 - 2.17.1 - 2.17.2 fixes: CVE-2018-17456...

Security Bulletin: A vulnerability in git affects PowerKVM

Summary PowerKVM is affected by a vulnerability in git. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-11235 DESCRIPTION: Git could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of submodule "names" supplied via the...

[SECURITY] Fedora 27 Update: gitolite3-3.6.9-1.fc27

Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...

[SECURITY] Fedora 28 Update: gitolite3-3.6.9-1.fc28

Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...

[SECURITY] Fedora 29 Update: gitolite3-3.6.9-1.fc29

Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...

CVE-2018-16976

Gitolite before 3.6.9 does not in certain configurations involving @all or a regex properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access...

CVE-2018-16976

CVE-2018-16976 affects gitolite prior to 3.6.9. Multiple advisories describe a race condition of repos that are “in the process of being migrated”; under certain configurations (involving @all or a regex) this can allow valid users to obtain unintended access before migration completes. Connected...

PEDA - Python Exploit Development Assistance For GDB

PEDA - Python Exploit Development Assistance for GDB Key Features: Enhance the display of gdb: colorize and display disassembly codes, registers, memory information during debugging. Add commands to support debugging and exploit development for a full list of commands use peda help: aslr --...

Open .Git Directories Leave 390K Websites Vulnerable

A scan of more than 230 million web domains worldwide has uncovered 390,000 web pages with open .git directories – a worrying state of affairs that can expose a range of sensitive information. Researcher Vladimír Smitka at Lynt Services performed the scan, starting first in his native Czech...