Fedora 38: FEDORA-2024-993d3a78dd Critical: Rust-Asyncgit Issues
fedora
February 22, 2024
Update the git2 crate to version 0.18.2
Summary
Allow using git2 in a asynchronous context.
Update Information:
Update the git2 crate to version 0.18.2. Update the libgit2-sys crate to version 0.16.2. Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577. Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.
Change Log
* Tue Feb 13 2024 Fabio Valentini
References
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: rust-asyncgit
Product: Fedora 38
Version: 0.24.3
Release: 3.fc38
URL: Summary : Allow using git2 in a asynchronous context
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!