Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Fedora 39: FEDORA-2024-8ba389815f Critical: rust-pore Heap Issue

fedora
Calendar Grey February 20, 2024
Dist Fedora Esm H88
A critical patch for Rust-Pore has been released, targeting memory corruption vulnerabilities and potential execution threats within Libgit2, specifically designed for Fedora 39.
Update the git2 crate to version 0.18.2

Summary

A performance oriented reimplementation of repo.

Update Information:

Update the git2 crate to version 0.18.2. Update the libgit2-sys crate to version 0.16.2. Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577. Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.

Change Log

* Tue Feb 13 2024 Fabio Valentini - 0.1.10-3 - Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2

References


[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2263100 [ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2263105

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rust-pore
Product: Fedora 39
Version: 0.1.10
Release: 3.fc39
URL: Summary : Performance oriented reimplementation of repo

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.