Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Fedora 22: FEDORA-2016-215b507409 critical: cgit XSS And Buffer Overflow

fedora
Calendar Grey January 26, 2016
Dist Fedora Esm H88
Fedora 22 cgit upgrade addresses several security concerns, encompassing XSS and buffer overflow weaknesses.
Update to 0.12

Summary

Cgit is a fast web interface for git. It uses caching to increase performance.

Update Information:

Update to 0.12. Fixes bug #1298912

Change Log

References


[ 1 ] Bug #1298851 - CVE-2016-1899 cgit: Reflected XSS and header injection in mimetype query string https://bugzilla.redhat.com/show_bug.cgi?id=1298851 [ 2 ] Bug #1298854 - CVE-2016-1900 cgit: Stored Cross Site Scripting & Header Injection in Filename Parameter https://bugzilla.redhat.com/show_bug.cgi?id=1298854 [ 3 ] Bug #1298860 - CVE-2016-1901 cgit: Integer Overflow resulting in Buffer Overflow https://bugzilla.redhat.com/show_bug.cgi?id=1298860

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update cgit' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: cgit
Product: Fedora 22
Version: 0.12
Release: 1.fc22
Summary: A fast web interface for git

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here