[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1477-1] libgit2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libgit2
Version        : 0.21.1-3+deb8u1
CVE ID         : CVE-2018-10887 CVE-2018-10888 CVE-2018-15501


CVE-2018-15501
     A potential out-of-bounds read when processing a "ng" smart packet
     might lead to a Denial of Service.

CVE-2018-10887
     A flaw has been discovered that may lead to an integer overflow which
     in turn leads to an out of bound read, allowing to read before the
     base object. This might be used to leak memory addresses or cause a
     Denial of Service.

CVE-2018-10888
     A flaw may lead to an out-of-bound read while reading a binary delta
     file. This might result in a Denial of Service.


For Debian 8 "Jessie", these problems have been fixed in version
0.21.1-3+deb8u1.

We recommend that you upgrade your libgit2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJbgcmzXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHrjYP/RxOCyVMsWnQVf8yWabyifUD
Hw9x8XJ2Ca8p+kAaIVtopVZN+Uhi+syJ1MJk4n7vsxtp1hxuz1ezYOYJKf1v3uib
QSTukX1qRy+OnbdhR+6LfjA+d10W7xrCEMG2QqUYR+RqR3cCnZm5NWO4yZt54/w0
p7h5avDvqwq5vwAnkUTBmGH0vpkKJa+6JxFhpNkpWCagvMZnvj2FXCBeZPErXe0f
1KyOn2jHke8imicJmiY3Sj3sD+DKom5EBeI6vzXw9z7CFq2jL/qPZ7RZmelW9ooe
dM2Oe2PWlTGkROkTfddC8iK7xjQbA7lKJwXMrOouYGZoek5W0w+nkD1/7jsRysJP
z7/t1GVcUcJ8ZOd375TL/a6FyyinkJ5ZG2WXytSXrmzN56bNTYn0yMV2WiVeD7ht
N1vzT79yRjDr9ReZlPF6pjnO8CHOzh+UQR2IsV4pRNiDWL1sYg35wuiXWnkG0G/j
bOKTDWnJmOq4A5weuRuauQ6C2mXKN/mL45Acsy14yKAf9xrCb5RPjXvMLjx37qMs
nkB1aGJRlFKpGr7G0cFOzIye70f9ijxO+6wpUTNK6s13XnNBRbu8OeIGHOcLT4VZ
TrHICtzsWubRNoNFU6A4v/psrmukIxNpffr1vbJPazcCrembX8d83nK/oIK12BA6
PRp2JCFTOu+H92tV0z7s
=8nkp
-----END PGP SIGNATURE-----


Reply to: