SB2018102909 - OpenSUSE Linux update for libgit2 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018102909

SB2018102909 - OpenSUSE Linux update for libgit2

Published: October 29, 2018

Security Bulletin ID SB2018102909
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

High 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2018-10887)

The vulnerability allows a local attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The vulnerability exists due to integer overflow when unexpected sign extension in the git_delta_apply function of the delta.c file. A remote unauthenticated attacker can trigger an out-of-bounds read condition, bypass bounds check and read sensitive memory information or cause the service to crash.


2) Out-of-bounds read (CVE-ID: CVE-2018-10888)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to a missing check in the git_delta_apply function, as defined in the delta.c file. A remote unauthenticated attacker can trick the victim into opening a specially crafted binary delta file, trigger an out-of-bounds read condition and cause the service to crash.


3) Improper input validation (CVE-ID: CVE-2018-11235)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of submodule "names" supplied via the untrusted .gitmodules file when appending them to the '$GIT_DIR/modules' directory. A remote attacker can return specially crafted data to create or overwrite files on the target user's system when the repository is cloned and execute arbitrary code with elevated privileges.

4) Out-of-bounds read (CVE-ID: CVE-2018-15501)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to out-of-bounds read in ng_pkt in transports/smart_pkt.c in libgit2. A remote attacker can send a specially crafted smart-protocol "ng" packet that lacks a '' byte and cause the service to crash.


5) Double free (CVE-ID: CVE-2018-8099)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the read_entry() function due to a double free error. A remote attacker can send a specially crafted repository index file, trick the victim into opening it and cause the service to crash.

Remediation

Install update from vendor's website.

References