9945 matches found
SUSE-SU-2016:0796-1 Security update for git
This update for git fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code (CVE-2016-2315, CVE-2016-2324, bsc971328)...
[slackware-security] git
New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/git-2.7.3-i486-1slack14.1.txz: Upgraded. Fixed buffer overflows allowing server and client side remote code...
UBUNTU-CVE-2016-2315
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow...
Git versions <= 2.7.1 remote code execution vulnerability
Reference source: http://seclists.org/oss-sec/2016/q1/645 Hello, original report describing the overflow is here http://pastebin.com/UX2P2jjg On 11/02/2016 16:50, Jeff King wrote this on the git security mailing list: On Thu, Feb 11, 2016 at 02:31:49PM +0100, 'Laël Cellier' via Git Security wrote: Ok the bug...
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : git (SSA:2016-075-01)
New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-075-01. The text itself...
CVE-2016-2315
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow...
UBUNTU-CVE-2016-2324
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow...
CVE-2016-2324
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow...
Fedora 22 : git-2.4.3-7.fc22 (2015-cf767c77c1)
git-2.1.0-6.fc21 - fix arbitrary code execution via crafted URLs Resolves: 1269797 git-2.4.3-7.fc22 - fix arbitrary code execution via crafted URLs Resolves: 1269797 git-2.5.0-2.fc23 - fix arbitrary code execution via crafted URLs Resolves: 1269797 Note that Tenable Network Security has extracted...
Fedora 23 : git-2.5.0-2.fc23 (2015-05b74288af)
git-2.1.0-6.fc21 - fix arbitrary code execution via crafted URLs Resolves: 1269797 git-2.4.3-7.fc22 - fix arbitrary code execution via crafted URLs Resolves: 1269797 git-2.5.0-2.fc23 - fix arbitrary code execution via crafted URLs Resolves: 1269797 Note that Tenable Network Security has extracted...
Self Hosted Git Service: Gogs
Gogs is a self-hosted Git service written in Go which is very easy to get running and has low system usage as well. It aspires to be the easiest, fastest, and most painless way to set up a self-hosted Git service. With Go, this can be done with an independent binary distribution across ALL...
git-scm.com XSS vulnerability
Vulnerable URL: http://git-scm.com/blog.rss?' Details: Patched: Yes, at 21.03.2016; Latest check for patch: 21.03.2016 01:33 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 5250; Google Pagerank: 8; VIP website status: Yes Check...
Square git-fastclone Remote Code Execution Vulnerability
Square git-fastclone is a git clone. A remote security vulnerability exists in Square git-fastclone, which could be exploited by an attacker to submit a special request to execute arbitrary code...
Oracle: Security Advisory (ELSA-2015-2515)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
git19-git security update
1.9.4-3.1 - fix arbitrary code execution via crafted URLs Resolves: 1273889 1.9.4-3 - fix CVE-2014-9390 Resolves: rhbz1220552...
Source Control Management (SCM) Files/Folders Accessible (HTTP)
The script attempts to identify files/folders of a SCM accessible at the webserver. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later...
openSUSE Security Update : cgit (openSUSE-2016-86)
This update to cgit 0.12 fixes the following issues : - CVE-2016-1899: Reflected Cross Site Scripting and Header Injection in Mimetype Query String - CVE-2016-1900: Stored Cross Site Scripting and Header Injection in Filename Parameter - CVE-2016-1901: Integer Overflow resulting in Buffer Overflo...
[SECURITY] Fedora 23 Update: cgit-0.12-1.fc23
Cgit is a fast web interface for git. It uses caching to increase performance...
[SECURITY] Fedora 22 Update: cgit-0.12-1.fc22
Cgit is a fast web interface for git. It uses caching to increase performance...
Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow
Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=696 The following crash due to a stack-based buffer overflow can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$...