CyberSecurityBoard
Sponsor Register Login

Addressing Git Vulnerabilities in Ubuntu 18.04 and 16.04 - Security Boulevard

Canonical has released security updates for Ubuntu 16.04 ESM and Ubuntu 18.04 ESM to address multiple vulnerabilities in Git, a powerful and widely-used distributed version control system. These vulnerabilities may allow malicious attackers to overwrite files outside the repository, inject arbitrary configuration, or even execute arbitrary code. Canonical, the company behind Ubuntu, has released security updates for various Ubuntu versions, including those under Extended Security Maintenance (ESM). Attackers could exploit this flaw to execute arbitrary code, posing a significant risk to system integrity. ELS provides five years of vendor-grade security patches after the official end-of-life date, covering over 140 packages, including Git, Linux kernel, OpenSSL, glibc, and more. It could allow attackers to craft and place malicious messages in the system, which could have serious implications for the integrity of your data. An attacker could create hardlinked arbitrary files into the repository’s object directory, threatening the availability and integrity of the system. For organizations running end-of-life Ubuntu versions, TuxCare’s ELS offers an affordable solution. If exploited, attackers could use them to execute arbitrary code on the system. For Ubuntu users on older, end-of-life versions like Ubuntu 16.04 and 18.04, Canonical offers ESM through the Ubuntu Pro subscription. For enterprises operating on legacy systems, TuxCare provides a reliable and cost-effective way to maintain security without the need for disruptive upgrades or migrations. They could place a specialized repository on a target’s system, leading to possible code execution or data manipulation. The post Addressing Git Vulnerabilities in Ubuntu 18.04 and 16.04 appeared first on TuxCare.

This Cyber News was published on securityboulevard.com. Publication date: Wed, 02 Oct 2024 10:13:06 +0000


Cyber News related to Addressing Git Vulnerabilities in Ubuntu 18.04 and 16.04 - Security Boulevard

Addressing Git Vulnerabilities in Ubuntu 18.04 and 16.04 - Security Boulevard - Canonical has released security updates for Ubuntu 16.04 ESM and Ubuntu 18.04 ESM to address multiple vulnerabilities in Git, a powerful and widely-used distributed version control system. These vulnerabilities may allow malicious attackers to ...
2 weeks ago Securityboulevard.com
Ubuntu Security Updates Fixed Vim Vulnerabilities - Vim, a powerful and widely used text editor, has recently come under scrutiny due to several vulnerabilities that could potentially compromise system security. In this article, we will delve into the intricacies of these vulnerabilities, exploring ...
9 months ago Securityboulevard.com
CVE-2020-11008 - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open ...
4 years ago
CVE-2022-24765 - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder ...
9 months ago
Critical Git vulnerability allows RCE when cloning repositories with submodules - Git is a widely-popular distributed version control system for collaborative software development. It can be installed on machines running Windows, macOS, Linux, and various *BSD distributions. Web-based software development platforms GitHub and ...
5 months ago Helpnetsecurity.com
CVE-2022-24826 - On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does ...
2 years ago
CVE-2021-23632 - All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js ...
2 years ago
Git Security Breach – Critical Flaws Found - Software vulnerabilities are a serious concern for companies and developers. Recently, prominent source code management service Git, has come under scrutiny after two critical vulnerabilities were discovered, which could have been exploited to ...
1 year ago Securityaffairs.com
Critical Git Vulnerabilities Discovered During Source Code Security Audit - Two critical vulnerabilities have been discovered in the popular Git version control system during a source code security audit. The vulnerabilities, CVE-2018-17456 and CVE-2018-17457, could both potentially allow a malicious user to overwrite parts ...
1 year ago Securityweek.com
The Art of Securing Cloud-Native Mobile Applications - We will explore the dynamic intersection of cloud-native architecture and mobile application security, delving into the strategies and best practices essential for safeguarding sensitive data, ensuring user privacy, and fortifying against emerging ...
9 months ago Feeds.dzone.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
2 weeks ago Helpnetsecurity.com
The First 10 Days of a vCISO’S Journey with a New Client - Cyber Defense Magazine - During this period, the vCISO conducts a comprehensive assessment to identify vulnerabilities, engages with key stakeholders to align security efforts with business objectives, and develops a strategic roadmap to prioritize actions and resources. If ...
2 weeks ago Cyberdefensemagazine.com
CVE-2020-26233 - Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, ...
3 years ago
CVE-2022-41903 - Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding ...
9 months ago
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
9 months ago Feeds.dzone.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
10 months ago Microsoft.com
CVE-2023-40590 - GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs ...
1 year ago
CVE-2024-35183 - wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than `github.com`. Most git-dependent functionality in wolfictl ...
5 months ago
Mastering SDLC Security: Best Practices, DevSecOps, and Threat Modeling - In the ever-evolving landscape of software development, it's become absolutely paramount to ensure robust security measures throughout the Software Development Lifecycle. Each of these have illuminated different vulnerabilities that can be exploited ...
10 months ago Securityboulevard.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
7 months ago Esecurityplanet.com
CVE-2013-1899 - Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration ...
10 years ago
CVE-2013-0338 - libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal ...
5 years ago
CVE-2013-1901 - PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. ...
10 years ago
CVE-2013-1944 - The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. Per ...
8 years ago
CVE-2013-1900 - PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors ...
6 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)