Headline
Debian Security Advisory 5619-1
Debian Linux Security Advisory 5619-1 - Two vulnerabilities were discovered in libgit2, a low-level Git library, which may result in denial of service or potentially the execution of arbitrary code.
-------------------------------------------------------------------------
Debian Security Advisory DSA-5619-1                      [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
February 09, 2024                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libgit2
CVE ID         : CVE-2024-24577 CVE-2024-24575

Two vulnerabilities were discovered in libgit2, a low-level Git library,
which may result in denial of service or potentially the execution of
arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed
in version 1.1.0+dfsg.1-4+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in
version 1.5.1+ds-1+deb12u1.

We recommend that you upgrade your libgit2 packages.

For the detailed security status of libgit2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libgit2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
Related news
Ubuntu Security Notice 6678-1 - It was discovered that libgit2 mishandled equivalent filenames on NTFS partitions. If a user or automated system were tricked into cloning a specially crafted repository, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libgit2 did not perform certificate checking by default. An attacker could possibly use this issue to perform a machine-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.