Описание
Security update for libgit2
libgit2 was updated to fix two security issues.
These security issues were fixed:
- CVE-2016-8568: Read out-of-bounds in git_oid_nfmt (bsc#1003810).
- CVE-2016-8569: DoS caused by a NULL pointer dereference in git_commit_message (bsc#1003810).
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Список пакетов
openSUSE Leap 42.2
libgit2-0.24.1-3.1
libgit2-24-0.24.1-3.1
libgit2-24-32bit-0.24.1-3.1
libgit2-devel-0.24.1-3.1
Ссылки
- E-Mail link for openSUSE-SU-2016:3097-1
- SUSE Security Ratings
Описание
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
Затронутые продукты
openSUSE Leap 42.2:libgit2-0.24.1-3.1
openSUSE Leap 42.2:libgit2-24-0.24.1-3.1
openSUSE Leap 42.2:libgit2-24-32bit-0.24.1-3.1
openSUSE Leap 42.2:libgit2-devel-0.24.1-3.1
Ссылки
- CVE-2016-8568
- SUSE Bug 1003810
- SUSE Bug 1019036
- SUSE Bug 1019037
Описание
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
Затронутые продукты
openSUSE Leap 42.2:libgit2-0.24.1-3.1
openSUSE Leap 42.2:libgit2-24-0.24.1-3.1
openSUSE Leap 42.2:libgit2-24-32bit-0.24.1-3.1
openSUSE Leap 42.2:libgit2-devel-0.24.1-3.1
Ссылки
- CVE-2016-8569
- SUSE Bug 1003810
- SUSE Bug 1019036
- SUSE Bug 1019037