Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Fedora 39: FEDORA-2024-8ba389815f Critical: Rust-LSD Libgit2 Update

fedora
Calendar Grey February 20, 2024
Dist Fedora Esm H88
The latest patch for rust-lsd on Fedora 39 tackles significant vulnerabilities in libgit2, improving both the security measures and operational reliability of the application.
Update the git2 crate to version 0.18.2

Summary

An ls command with a lot of pretty colors and some other stuff.

Update Information:

Update the git2 crate to version 0.18.2. Update the libgit2-sys crate to version 0.16.2. Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577. Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.

Change Log

* Tue Feb 13 2024 Fabio Valentini - 1.0.0-3 - Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2 * Fri Jan 26 2024 Fedora Release Engineering - 1.0.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

References


[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2263100 [ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2263105

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rust-lsd
Product: Fedora 39
Version: 1.0.0
Release: 3.fc39
URL: Summary : Ls command with a lot of pretty colors and some other stuff

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.