Fedora 38: 2024-993d3a78dd Critical: rust-lsd Arbitrary Code Execution
fedora
February 22, 2024
Update the git2 crate to version 0.18.2
Summary
An ls command with a lot of pretty colors and some other stuff.
Update Information:
Update the git2 crate to version 0.18.2. Update the libgit2-sys crate to version 0.16.2. Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577. Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.
Topics Covered
Change Log
* Tue Feb 13 2024 Fabio Valentini
References
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: rust-lsd
Product: Fedora 38
Version: 1.0.0
Release: 3.fc38
URL: Summary : Ls command with a lot of pretty colors and some other stuff
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!