CyberSecurityBoard
Sponsor Register Login

Addressing Git Vulnerabilities in Ubuntu 18.04 and 16.04 - Security Boulevard

Canonical has released security updates for Ubuntu 16.04 ESM and Ubuntu 18.04 ESM to address multiple vulnerabilities in Git, a powerful and widely-used distributed version control system. These vulnerabilities may allow malicious attackers to overwrite files outside the repository, inject arbitrary configuration, or even execute arbitrary code. Canonical, the company behind Ubuntu, has released security updates for various Ubuntu versions, including those under Extended Security Maintenance (ESM). Attackers could exploit this flaw to execute arbitrary code, posing a significant risk to system integrity. ELS provides five years of vendor-grade security patches after the official end-of-life date, covering over 140 packages, including Git, Linux kernel, OpenSSL, glibc, and more. It could allow attackers to craft and place malicious messages in the system, which could have serious implications for the integrity of your data. An attacker could create hardlinked arbitrary files into the repository’s object directory, threatening the availability and integrity of the system. For organizations running end-of-life Ubuntu versions, TuxCare’s ELS offers an affordable solution. If exploited, attackers could use them to execute arbitrary code on the system. For Ubuntu users on older, end-of-life versions like Ubuntu 16.04 and 18.04, Canonical offers ESM through the Ubuntu Pro subscription. For enterprises operating on legacy systems, TuxCare provides a reliable and cost-effective way to maintain security without the need for disruptive upgrades or migrations. They could place a specialized repository on a target’s system, leading to possible code execution or data manipulation. The post Addressing Git Vulnerabilities in Ubuntu 18.04 and 16.04 appeared first on TuxCare.

This Cyber News was published on securityboulevard.com. Publication date: Wed, 02 Oct 2024 10:13:06 +0000


Cyber News related to Addressing Git Vulnerabilities in Ubuntu 18.04 and 16.04 - Security Boulevard

Addressing Git Vulnerabilities in Ubuntu 18.04 and 16.04 - Security Boulevard - Canonical has released security updates for Ubuntu 16.04 ESM and Ubuntu 18.04 ESM to address multiple vulnerabilities in Git, a powerful and widely-used distributed version control system. These vulnerabilities may allow malicious attackers to ...
3 months ago Securityboulevard.com
Ubuntu Security Updates Fixed Vim Vulnerabilities - Vim, a powerful and widely used text editor, has recently come under scrutiny due to several vulnerabilities that could potentially compromise system security. In this article, we will delve into the intricacies of these vulnerabilities, exploring ...
1 year ago Securityboulevard.com
CVE-2020-11008 - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open ...
4 years ago
CVE-2022-24765 - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder ...
1 year ago
Critical Git vulnerability allows RCE when cloning repositories with submodules - Git is a widely-popular distributed version control system for collaborative software development. It can be installed on machines running Windows, macOS, Linux, and various *BSD distributions. Web-based software development platforms GitHub and ...
8 months ago Helpnetsecurity.com
CVE-2022-24826 - On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does ...
2 years ago
CVE-2021-23632 - All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js ...
2 years ago
Git Security Breach – Critical Flaws Found - Software vulnerabilities are a serious concern for companies and developers. Recently, prominent source code management service Git, has come under scrutiny after two critical vulnerabilities were discovered, which could have been exploited to ...
2 years ago Securityaffairs.com
Critical Git Vulnerabilities Discovered During Source Code Security Audit - Two critical vulnerabilities have been discovered in the popular Git version control system during a source code security audit. The vulnerabilities, CVE-2018-17456 and CVE-2018-17457, could both potentially allow a malicious user to overwrite parts ...
2 years ago Securityweek.com
CVE-2024-50338 - Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the ...
2 weeks ago Tenable.com
CVE-2020-26233 - Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, ...
3 years ago
CVE-2022-41903 - Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding ...
1 year ago
The Art of Securing Cloud-Native Mobile Applications - We will explore the dynamic intersection of cloud-native architecture and mobile application security, delving into the strategies and best practices essential for safeguarding sensitive data, ensuring user privacy, and fortifying against emerging ...
1 year ago Feeds.dzone.com
CVE-2023-40590 - GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs ...
1 year ago
CVE-2024-35183 - wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than `github.com`. Most git-dependent functionality in wolfictl ...
8 months ago
The First 10 Days of a vCISO’S Journey with a New Client - Cyber Defense Magazine - During this period, the vCISO conducts a comprehensive assessment to identify vulnerabilities, engages with key stakeholders to align security efforts with business objectives, and develops a strategic roadmap to prioritize actions and resources. If ...
3 months ago Cyberdefensemagazine.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
3 months ago Helpnetsecurity.com
CVE-2013-1899 - Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration ...
11 years ago
CVE-2013-0338 - libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal ...
6 years ago
CVE-2013-1901 - PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. ...
11 years ago
CVE-2013-1944 - The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. Per ...
8 years ago
CVE-2013-1900 - PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors ...
7 years ago
CVE-2013-2021 - pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. Per http://www.ubuntu.com/usn/USN-1816-1/ ...
1 year ago
CVE-2013-2020 - Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an ...
9 years ago
CVE-2016-9774 - The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on ...
6 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)