Univention Bugzilla – Bug 54569
libgit2: Multiple issues (4.4)
Last modified: 2022-03-23 12:10:20 CET
New Debian libgit2 0.25.1+really0.24.6-1+deb9u1 fixes: This update addresses the following issues: * denial of service (DoS) via crafted repository index files (CVE-2018-8098) * denial of service (DoS) via crafted repository index files (CVE-2018-8099) * A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service. (CVE-2018-10887) * A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. (CVE-2018-10888) * out-of-bounds reads when processing smart-protocol ng packets (CVE-2018-15501) * files inside the .git directory may be overwritten during cloning via NTFS Alternate Data Streams (CVE-2020-12278) * NTFS protections inactive when running Git in the Windows Subsystem for Linux (CVE-2020-12279)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libgit2_0.25.1+really0.24.6-1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/libgit2_0.25.1+really0.24.6-1+deb9u1.dsc @@ -1,3 +1,19 @@ +0.25.1+really0.24.6-1+deb9u1 [Mon, 07 Mar 2022 04:46:14 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the LTS team. + * Add patch to fix potential OOB-read when processing + ng packet. (Fixes: CVE-2018-15501) + * Add patch to fix out-of-bounds read of delta. + (Fixes: CVE-2018-10888) + * Add patch to fix sign-extension of big left-shift. + (Fixes: CVE-2018-10887) + * Add patch to convert read_entry to return entry size + via an out-param. (Fixes: CVE-2018-8099) + * Add patch to disallow NTFS Alternate Data Stream attacks, + even on Linux/macOS. (Fixes: CVE-2020-12278) + * Add patch to protect against 8.3 "short name" attacks + also on Linux/macOS. (Fixes: CVE-2020-12279) + 0.25.1+really0.24.6-1 [Sun, 21 May 2017 18:18:47 +0200] Russell Sim <russell.sim@gmail.com>: * Revert 0.25.1 in unstable, 0.24.5 was already in unstable 0.25.1 was <http://piuparts.knut.univention.de/4.4-8/#5394548835315654144>
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1206>