GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Mar 19, 2020 8:26 pm Post subject: [ GLSA 202003-42 ] libgit2 |
 |
|
Gentoo Linux Security Advisory
Title: libgit2: Multiple vulnerabilities (GLSA 202003-42)
Severity: normal
Exploitable: local, remote
Date: 2020-03-19
Bug(s): #702522
ID: 202003-42
Synopsis
Multiple vulnerabilities have been found in libgit2, the worst of
which could result in the arbitrary execution of code.
Background
libgit2 is a portable, pure C implementation of the Git core methods
provided as a re-entrant linkable library with a solid API.
Affected Packages
Package: dev-libs/libgit2
Vulnerable: < 0.28.4
Unaffected: >= 0.28.4
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in libgit2. Please review
the CVE identifiers referenced below for details.
Impact
An attacker could possibly overwrite arbitrary paths, execute arbitrary
code, and overwrite files in the .git directory.
Workaround
There is no known workaround at this time.
Resolution
All libgit2 users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libgit2-0.28.4"
|
References
CVE-2019-1348
CVE-2019-1350
CVE-2019-1387 |
|
News & Announcements
