Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 8: 2023-0097 Critical: Ruby-Git Remote Code Execution

mageia
Calendar Grey March 18, 2023
Dist Mageia Esm H88
Mageia 2023-0097 announces a significant update for ruby-git, addressing a severe security flaw that allows for remote code execution.
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted fil...

Summary

ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. (CVE-2022-46648, CVE-2022-47318)

References

- https://bugs.mageia.org/show_bug.cgi?id=31497

- https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4KPFLSZPUM7APWVBRM5DCAY5OUVQBF4K/

- https://www.cve.org/CVERecord?id=CVE-2022-46648

- https://www.cve.org/CVERecord?id=CVE-2022-47318

Topics%20covered

Topics Covered

security advisory security issue critical software update remote code execution Mageia ruby-git

Resolution

SRPMS

- 8/core/ruby-git-1.6.0-1.2.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 18 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0097.html
Type: security
CVE: CVE-2022-46648, CVE-2022-47318

Topics%20covered

Topics Covered

security advisory security issue critical software update remote code execution Mageia ruby-git

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here