548 matches found
[ASA-201912-5] libgit2: arbitrary code execution
Arch Linux Security Advisory ASA-201912-5 Severity: High Date: 2019-12-18 CVE-ID: CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1387 Package: libgit2 Type: arbitrary code execution Remote: Yes Link: https://security.archlinux.org/AVG-1075 Summa...
[SECURITY] Fedora 31 Update: libgit2-0.28.4-1.fc31
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
Fedora 31 : libgit2 (2019-9c3d054f39)
This is a security release fixing the following issues : - CVE-2019-1348: the fast-import stream command 'feature export-marks=path' allows writing to arbitrary file paths. As libgit2 does not offer any interface for fast-import, it is not susceptible to this vulnerability. - CVE-2019-1349: by...
MGASA-2019-0391 Updated libgit2 packages fix security vulnerabilities
libgit2 has been updated to version 0.28.4 to fix several security issues: A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service. CVE-2019-1348: the fast-import stream command "feature export-marks=path"...
Updated libgit2 packages fix security vulnerabilities
libgit2 has been updated to version 0.28.4 to fix several security issues: A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service. CVE-2019-1348: the fast-import stream command "feature export-marks=path"...
PT-2019-6259 · Libgit2 +3
Name of the Vulnerable Software and Affected Versions: libgit2 versions prior to 0.28.4 libgit2 versions 0.9x prior to 0.99.0 Description: The issue is related to the path.c component of libgit2, which mishandles equivalent filenames due to NTFS Alternate Data Streams. This may allow a remote...
PT-2019-6258 · Libgit2 +3
Name of the Vulnerable Software and Affected Versions: libgit2 versions prior to 0.28.4 libgit2 versions 0.9x prior to 0.99.0 Description: The issue is related to the checkout.c component of libgit2, which mishandles equivalent filenames due to NTFS short names. This may allow a remote attacker t...
libgit2:patch_parse_fuzzer: Heap-buffer-overflow in git_buf_decode_base85
Project: https://github.com/libgit2/libgit2.git Detailed Report: https://oss-fuzz.com/testcase?key=4789150477975552 Project: libgit2 Fuzzing Engine: libFuzzer Fuzz Target: patch_parse_fuzzer Job Type: libfuzzer_asan_libgit2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...
libgit2:patch_parse_fuzzer: Heap-buffer-overflow in stdalloc__strdup
Project: https://github.com/libgit2/libgit2.git Detailed Report: https://oss-fuzz.com/testcase?key=5645975162454016 Project: libgit2 Fuzzing Engine: afl Fuzz Target: patch_parse_fuzzer Job Type: afl_asan_libgit2 Platform Id: linux Crash Type: Heap-buffer-overflow READ Crash Address: 0x611000365d42...
FreeBSD : Libgit2 -- multiple vulnerabilities (d51b52cf-c199-11e9-b13f-001b217b3468)
The Git community reports : A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service. The ProgramData configuration file is always read for compatibility with Git for Windows and Portable Git installations...
CVE-2018-15501
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS...
CVE-2018-8098
Integer overflow in the index.c:read_entry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file...
CVE-2018-8099
Incorrect returning of an error code in the index.c:read_entry function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file...
Fedora Update for libgit2 FEDORA-2018-234c67b207
The remote host is missing an update for the...
openSUSE Security Update : libgit2 (openSUSE-2019-986)
This update for libgit2 fixes the following issues : Security issue fixed : - CVE-2018-17456: Submodule URLs and paths with a leading '-' are now ignored to avoid injecting options into library consumers that perform recursive clones bsc1110949. Non-security issues fixed : - Version update to...
openSUSE Security Update : libgit2 (openSUSE-2019-638)
This update for libgit2 to version 0.26.5 fixes the following issues : The following security vulnerabilities were addressed : - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to caus...
openSUSE Security Update : libgit2 (openSUSE-2019-21)
This update for libgit2 fixes the following issues : Security issues fixed : - CVE-2018-19456: Fixed a code execution by malicious .gitmodules file bsc1110949 - various string-to-integer and buffer handling fixes bsc1114729. This update was imported from the SUSE:SLE-12-SP2:Update update project...
openSUSE: Security Advisory for libgit2 (openSUSE-SU-2019:0021-1)
The remote host is missing an update for the...
Security update for libgit2 (important)
openSUSE Security Update: Security update for libgit2 Announcement ID: openSUSE-SU-2019:0021-1 Rating: important References: 1110949 1114729 Cross-References: CVE-2018-19456 Affected Products: openSUSE Leap 42.3 An update that solves one vulnerability and has one errata is now available...
libgit2 Code Execution Vulnerability
libgit2 is a portable, C implementation of the Git core development kit. A code execution vulnerability exists in libgit2, which can be exploited by remote attackers to execute arbitrary code...