Gentoo Linux Security Advisory 202411-05 ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[15] Download^[16]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202411-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: libgit2: Multiple Vulnerabilities
Date: November 06, 2024
Bugs: #891525, #923971
ID: 202411-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in libgit2, the worst of
which could lead to arbitrary code execution.
Background
==========
libgit2 is a portable, pure C implementation of the Git core methods
provided as a re-entrant linkable library with a solid API, allowing you
to write native speed custom Git applications in any language that
supports C bindings.
Affected packages
=================
Package           Vulnerable    Unaffected
----------------  ------------  ------------
dev-libs/libgit2  < 1.7.2       >= 1.7.2
Description
===========
Multiple vulnerabilities have been discovered in libgit2. Please review
the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libgit2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libgit2-1.7.2"
References
==========
[ 1 ] CVE-2023-22742
https://nvd.nist.gov/vuln/detail/CVE-2023-22742
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202411-05
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5

• Follow us on Twitter^[19]
• Follow us on Facebook^[20]
• Subscribe to an RSS Feed^[21]

File Tags

• ActiveX^[22] (933)
• Advisory^[23] (87,450)
• Arbitrary^[24] (17,184)
• BBS^[25] (2,859)
• Bypass^[26] (1,935)
• CGI^[27] (1,049)
• Code Execution^[28] (7,976)
• Conference^[29] (693)
• Cracker^[30] (845)
• CSRF^[31] (3,440)
• DoS^[32] (25,438)
• Encryption^[33] (2,397)
• Exploit^[34] (54,485)
• File Inclusion^[35] (4,280)
• File Upload^[36] (1,028)
• Firewall^[37] (822)
• Info Disclosure^[38] (2,939)
• Intrusion Detection^[39] (923)
• Java^[40] (3,166)
• JavaScript^[41] (911)
• Kernel^[42] (7,354)
• Local^[43] (14,889)
• Magazine^[44] (587)
• Overflow^[45] (13,271)
• Perl^[46] (1,435)
• PHP^[47] (5,331)
• Proof of Concept^[48] (2,420)
• Protocol^[49] (3,760)
• Python^[50] (1,675)
• Remote^[51] (31,984)
• Root^[52] (3,677)
• Rootkit^[53] (531)
• Ruby^[54] (645)
• Scanner^[55] (1,662)
• Security Tool^[56] (8,068)
• Shell^[57] (3,326)
• Shellcode^[58] (1,219)
• Sniffer^[59] (905)
• Spoof^[60] (2,312)
• SQL Injection^[61] (16,752)
• TCP^[62] (2,465)
• Trojan^[63] (690)
• UDP^[64] (921)
• Virus^[65] (675)
• Vulnerability^[66] (33,257)
• Web^[67] (10,176)
• Whitepaper^[68] (3,786)
• x86^[69] (970)
• XSS^[70] (18,344)
• Other^[71]

File Archives

• November 2024^[72]
• October 2024^[73]
• September 2024^[74]
• August 2024^[75]
• July 2024^[76]
• June 2024^[77]
• May 2024^[78]
• April 2024^[79]
• March 2024^[80]
• February 2024^[81]
• January 2024^[82]
• December 2023^[83]
• Older^[84]

Systems

• AIX^[85] (430)
• Apple^[86] (2,126)
• BSD^[87] (378)
• CentOS^[88] (61)
• Cisco^[89] (1,954)
• Debian^[90] (7,155)
• Fedora^[91] (1,693)
• FreeBSD^[92] (1,247)
• Gentoo^[93] (4,604)
• HPUX^[94] (881)
• iOS^[95] (393)
• iPhone^[96] (108)
• IRIX^[97] (220)
• Juniper^[98] (71)
• Linux^[99] (51,813)
• Mac OS X^[100] (696)
• Mandriva^[101] (3,105)
• NetBSD^[102] (256)
• OpenBSD^[103] (490)
• RedHat^[104] (17,236)
• Slackware^[105] (941)
• Solaris^[106] (1,615)
• SUSE^[107] (1,444)
• Ubuntu^[108] (9,965)
• UNIX^[109] (9,474)
• UnixWare^[110] (188)
• Windows^[111] (6,784)
• Other^[112]

© 2024 Packet Storm. All rights reserved.

Read more https://packetstormsecurity.com/files/182532/glsa-202411-05.txt