MGASA-2018-0434 - Updated gitolite packages fix security vulnerability Publication date: 03 Nov 2018 URL: https://advisories.mageia.org/MGASA-2018-0434.html Type: security Affected Mageia releases: 6 CVE: CVE-2018-16976 Updated gitolite package fixes security vulnerability: Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access (CVE-2018-16976). References: - https://bugs.mageia.org/show_bug.cgi?id=23680 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FW77TT3SZUDFVK3UYO6WNT7GFUHWXDUO/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16976 SRPMS: - 6/core/gitolite-3.6.10-1.mga6
Mageia 2018-0434: gitolite security update
Updated gitolite package fixes security vulnerability: Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repos...
Summary
Updated gitolite package fixes security vulnerability:
Gitolite before 3.6.9 does not (in certain configurations involving @all
or a regex) properly restrict access to a Git repository that is in the
process of being migrated until the full set of migration steps has been
completed. This can allow valid users to obtain unintended access
(CVE-2018-16976).
References
- https://bugs.mageia.org/show_bug.cgi?id=23680
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FW77TT3SZUDFVK3UYO6WNT7GFUHWXDUO/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16976
Resolution
MGASA-2018-0434 - Updated gitolite packages fix security vulnerability
SRPMS
- 6/core/gitolite-3.6.10-1.mga6
Severity
Publication date: 03 Nov 2018
URL: https://advisories.mageia.org/MGASA-2018-0434.html
Type: security
CVE: CVE-2018-16976
News
HOWTOs
Features
About Us
Powered By
