548 matches found
Fedora: Security Advisory for libgit2 (FEDORA-2023-470c7ea49e)
The remote host is missing an update for the...
Fedora: Security Advisory for rust-libgit2-sys0.12 (FEDORA-2023-129fd06006)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: rust-libgit2-sys0.12-0.12.26-5.fc36
Native bindings to the libgit2 library...
[SECURITY] Fedora 36 Update: rust-libgit2-sys-0.13.5-1.fc36
Native bindings to the libgit2 library...
[SECURITY] Fedora 37 Update: rust-libgit2-sys0.12-0.12.26-5.fc37
Native bindings to the libgit2 library...
[SECURITY] Fedora 37 Update: rust-libgit2-sys-0.13.5-1.fc37
Native bindings to the libgit2 library...
Fedora 36 : rust-libgit2-sys (2023-055b389109)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-055b389109 advisory. Update to version 0.13.5 includes bundled libgit2 v1.4.5 with the latest security fixes. Tenable has extracted the preceding description block directly from...
Fedora 36 : rust-libgit2-sys0.12 (2023-07cf2ae114)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-07cf2ae114 advisory. Update bundled libgit2 to version 1.3.2 for the latest security fixes. Neither the 0.12 branch libgit2-sys nor the 1.3 branch of libgit2 branch are still...
Fedora 37 : rust-libgit2-sys0.12 (2023-129fd06006)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-129fd06006 advisory. Update bundled libgit2 to version 1.3.2 for the latest security fixes. Neither the 0.12 branch libgit2-sys nor the 1.3 branch of libgit2 branch are still...
Fedora 37 : rust-libgit2-sys (2023-db96a62414)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-db96a62414 advisory. Update to version 0.13.5 includes bundled libgit2 v1.4.5 with the latest security fixes. Tenable has extracted the preceding description block directly from...
[SECURITY] Fedora 37 Update: libgit2-1.3.2-1.fc37
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
Fedora 37 : libgit2 (2023-470c7ea49e)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-470c7ea49e advisory. Update to 1.3.2: CVE-2022-29187, CVE-2022-24765. Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Ubuntu: Security Advisory (USN-4798-1)
The remote host is missing an update for the...
Improper Input Validation
libgit2 is vulnerable to Improper Input Validation. When using an SSH remote with the optional libssh2 backend, it does not perform certificate checking by default, exposing users to a man-in-the-middle attack...
CVE-2023-22742
A flaw was found in libgit2, a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's...
Vulnerability fixed in libgit2
A vulnerability has been fixed in libgit2. libgit2 is a library for providing git functionality to Python and Go applications. An unauthenticated malicious person can exploit the vulnerability to perform a man-in-the-middle attack because libgit2 does not verify SSH certificates by...
abacuz (=0.1.1), almel (>=1.2.0 <=1.3.0) +531 more potentially affected by CVE-2023-22742 via libgit2-sys (>=0.10.0 <=0.13.2+1.4.2)
libgit2-sys CARGO version =0.10.0, =1.2.0, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2023-22742 Source advisory: OSV:GHSA-M4CH-RFV5-X5G3...
GHSA-M4CH-RFV5-X5G3 git2-rs fails to verify SSH keys by default
The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned CVE-2023-22742 to...
git2-rs fails to verify SSH keys by default
The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned CVE-2023-22742 to...
DEBIAN-CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...