
MGASA-2013-0091

Date: March 15th, 2013
Affected releases: 2
Media: Core


Description:
Updated git packages fix security vulnerability:
It was discovered that Git's git-imap-send command, a tool to send a
collection of patches from standard input (stdin) to an IMAP folder, did
not properly perform SSL X.509 v3 certificate validation on the IMAP
server's certificate, as it did not ensure that the server's hostname
matched the one provided in the CN field of the server's certificate. A
rogue server could use this flaw to conduct man-in-the-middle attacks,
possibly leading to the disclosure of sensitive information
(CVE-2013-0308).
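
The missing check described above, sketched as an added example (not Git's actual patch and not part of the original advisory). It goes slightly beyond the CN comparison in the text by also handling subjectAltName DNS entries and leftmost-label wildcards; the function names cert_name_matches and verify_hostname and the sample names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Return 1 if host matches one certificate name, else 0.
 * Assumes both are NUL-free C strings already extracted from the cert. */
int cert_name_matches(const char *host, const char *name)
{
    if (!host || !name || !*host || !*name)
        return 0;
    if (strncmp(name, "*.", 2) != 0)
        return strcasecmp(host, name) == 0;   /* plain name: exact match */
    const char *suffix = name + 1;            /* e.g. ".mail.example.org" */
    if (!strchr(suffix + 1, '.'))
        return 0;                             /* refuse "*.org"-style names */
    const char *dot = strchr(host, '.');
    if (!dot || dot == host)
        return 0;                             /* wildcard = one non-empty label */
    return strcasecmp(dot, suffix) == 0;
}

/* Decide whether the certificate was issued for host. When subjectAltName
 * DNS entries are present they are authoritative and the CN is ignored. */
int verify_hostname(const char *host, const char *cn,
                    const char *const *san, size_t n_san)
{
    for (size_t i = 0; i < n_san; i++)
        if (cert_name_matches(host, san[i]))
            return 1;
    if (n_san > 0)
        return 0;
    return cn != NULL && cert_name_matches(host, cn);
}

/* Constructed sample names, not taken from any real certificate. */
static const char *const SAMPLE_SAN[] = { "imap.example.org",
                                          "*.mail.example.org" };

int main(void)
{
    const char *hosts[] = { "imap.example.org", "imap.example.net",
                            "a.mail.example.org" };
    for (size_t i = 0; i < 3; i++)
        printf("%-20s %s\n", hosts[i],
               verify_hostname(hosts[i], NULL, SAMPLE_SAN, 2)
                   ? "accept" : "REJECT");
    return 0;
}
```

A client that skips this comparison accepts any certificate that chains to a trusted CA, whichever host it was issued for.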

Updated Packages:
i586:
gitweb-1.7.10-1.1.mga2.i586
git-email-1.7.10-1.1.mga2.i586
git-core-oldies-1.7.10-1.1.mga2.i586
git-1.7.10-1.1.mga2.i586
git-cvs-1.7.10-1.1.mga2.i586
libgit-devel-1.7.10-1.1.mga2.i586
git-svn-1.7.10-1.1.mga2.i586
git-prompt-1.7.10-1.1.mga2.i586
gitk-1.7.10-1.1.mga2.i586
gitview-1.7.10-1.1.mga2.i586
perl-Git-1.7.10-1.1.mga2.i586
python-git-1.7.10-1.1.mga2.i586
git-core-1.7.10-1.1.mga2.i586
git-arch-1.7.10-1.1.mga2.i586

x86_64:
gitview-1.7.10-1.1.mga2.x86_64
python-git-1.7.10-1.1.mga2.x86_64
gitk-1.7.10-1.1.mga2.x86_64
gitweb-1.7.10-1.1.mga2.x86_64
git-core-1.7.10-1.1.mga2.x86_64
git-1.7.10-1.1.mga2.x86_64
git-core-oldies-1.7.10-1.1.mga2.x86_64
git-cvs-1.7.10-1.1.mga2.x86_64
perl-Git-1.7.10-1.1.mga2.x86_64
git-arch-1.7.10-1.1.mga2.x86_64
lib64git-devel-1.7.10-1.1.mga2.x86_64
git-prompt-1.7.10-1.1.mga2.x86_64
git-email-1.7.10-1.1.mga2.x86_64
git-svn-1.7.10-1.1.mga2.x86_64

SRPMS:
git-1.7.10-1.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0308
https://rhn.redhat.com/errata/RHSA-2013-0589.html
https://bugs.mageia.org/show_bug.cgi?id=9255