Updated libgit2 packages fix security vulnerabilities
Publication date: 29 Aug 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-8568, CVE-2016-8569, CVE-2016-10128, CVE-2016-10129
Description
Out-of-bounds read in git_oid_nfmt (CVE-2016-8568). Denial of service via a NULL pointer dereference in git_commit_message (CVE-2016-8569). Insufficient sanitization of some edge cases in the Git Smart Protocol can lead to reading outside of a buffer (CVE-2016-10128, CVE-2016-10129).
References
- https://bugs.mageia.org/show_bug.cgi?id=19792
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/
- https://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8568
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8569
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10128
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10129
SRPMS
5/core
- libgit2-0.21.1-3.2.mga5