3.6.11: https://github.com/sitaramc/gitolite/commit/b49133dc5f49b12807165ed250307213c1ac0a53

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-b276ee69a8
2019-01-19 02:25:20.762956
--------------------------------------------------------------------------------

Name        : gitolite3
Product     : Fedora 29
Version     : 3.6.11
Release     : 1.fc29
URL         : https://github.com/sitaramc/gitolite
Summary     : Highly flexible server for git directory version tracker
Description :
Gitolite allows a server to host many git repositories and provide access to
many developers, without having to give them real userids on the server. The
essential magic in doing this is ssh's pubkey access and the authorized keys
file, and the inspiration was an older program called gitosis.

Gitolite can restrict who can read from (clone/fetch) or write to (push) a
repository. It can also restrict who can push to what branch or tag, which is
very important in a corporate environment.

Gitolite can be installed without requiring root permissions, and with no
additional software than git itself and perl. It also has several other neat
features described below and elsewhere in the doc/ directory.
--------------------------------------------------------------------------------
Update Information:

3.6.11: https://github.com/sitaramc/gitolite/commit/b49133dc5f49b12807165ed250307213c1ac0a53
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan  8 2019 Gwyn Ciesla - 1:3.6.11-1
- 3.6.11.
* Thu Oct  4 2018 Gwyn Ciesla - 1:3.6.10-1
- 3.6.10.
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-b276ee69a8' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
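The description above says gitolite's access control rests on ssh pubkey access and the authorized keys file: each key is pinned to gitolite's shell by a forced command rather than getting a login. The audit script below is an added example, not gitolite's own code; it assumes the forced command's basename is gitolite-shell and flags any entry in the hosting user's authorized_keys that lacks that forced command with a gitolite user name, or lacks the no-* restriction options (OpenSSH's `restrict` is accepted as equivalent).

```python
# Audit a gitolite hosting user's authorized_keys: every key must be pinned to
# gitolite-shell by a forced command and barred from doing anything else.
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")
REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
SHELL_NAME = "gitolite-shell"  # assumed basename of gitolite's forced command

def split_options(text):
    """Return (options, rest): the options field ends at the first unquoted space."""
    if text.split(None, 1)[0] in KEY_TYPES:       # bare key, no options field
        return [], text
    items, cur, quoted = [], [], False
    for i, ch in enumerate(text):
        if ch == '"' and (i == 0 or text[i - 1] != "\\"):
            quoted = not quoted
        elif not quoted and ch == ",":            # unquoted comma ends an item
            items.append("".join(cur)); cur = []
            continue
        elif not quoted and ch.isspace():         # unquoted space ends the field
            return items + ["".join(cur)], text[i + 1:].lstrip()
        cur.append(ch)
    return items + ["".join(cur)], ""

def audit_line(line):
    """Return the problems with one authorized_keys entry ([] if it is sound)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    opts, rest = split_options(line)
    parts = rest.split()
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return ["unparseable entry"]
    names = {o.split("=", 1)[0].lower() for o in opts}
    cmd = next((o.split("=", 1)[1].strip('"').split() for o in opts
                if o.lower().startswith("command=")), None)
    problems = []
    if cmd is None:
        problems.append("no forced command: key grants an interactive shell")
    elif not cmd or cmd[0].rsplit("/", 1)[-1] != SHELL_NAME:
        problems.append("forced command is not %s: %s" % (SHELL_NAME, " ".join(cmd)))
    elif len(cmd) < 2:
        problems.append("%s invoked without a gitolite user name" % SHELL_NAME)
    if "restrict" not in names:                   # OpenSSH 'restrict' implies REQUIRED
        missing = sorted(REQUIRED - names)
        if missing:
            problems.append("missing options: " + ",".join(missing))
    return problems
# Constructed sample entries (fake keys): the first is sound, the second gives a shell.
SAMPLE = ['command="/home/git/bin/gitolite-shell alice",restrict ssh-ed25519 AAAAC3FAKEalice alice',
          'ssh-ed25519 AAAAC3FAKEcarol carol']
```

Run `audit_line` over every line of the hosting user's authorized_keys; any non-empty result is a key that can reach more than gitolite-shell.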
An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for gitolite
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2019:0054-1
Rating:             moderate
References:         #1121570
Cross-References:   CVE-2018-20683
Affected Products:
                    openSUSE Leap 42.3
                    openSUSE Leap 15.0
                    openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gitolite fixes the following security issue:

- CVE-2018-20683: The rsync command line was not handled correctly, allowing
  malicious rsync options (boo#1121570)

The version update to 3.6.11 also contains a number of upstream bug fixes.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:
  zypper in -t patch openSUSE-2019-54=1
- openSUSE Leap 15.0:
  zypper in -t patch openSUSE-2019-54=1
- openSUSE Backports SLE-15:
  zypper in -t patch openSUSE-2019-54=1

Package List:

- openSUSE Leap 42.3 (noarch):
  gitolite-3.6.11-4.6.1
- openSUSE Leap 15.0 (noarch):
  gitolite-3.6.11-lp150.2.6.1
- openSUSE Backports SLE-15 (noarch):
  gitolite-3.6.11-bp150.3.6.1

References:

https://www.suse.com/security/cve/CVE-2018-20683.html
https://bugzilla.suse.com/1121570
An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for gitolite
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:3035-1
Rating:             moderate
References:         #1108272
Cross-References:   CVE-2018-16976
Affected Products:
                    openSUSE Leap 42.3
                    openSUSE Leap 15.0
                    openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gitolite fixes the following issues:

Gitolite was updated to 3.6.9:

- CVE-2018-16976: prevent racy access to repos in process of migration to
  gitolite (boo#1108272)
- 'info' learns new '-p' option to show only physical repos (as opposed to
  wild repos)

The update to 3.6.8 contains:

- fix bug when deleting *all* hooks for a repo
- allow trailing slashes in repo names
- make pre-receive hook driver bail on non-zero exit of a pre-receive hook
- allow templates in gitolite.conf (new feature)
- various optimisations

The update to 3.6.7 contains:

- allow repo-specific hooks to be organised into subdirectories, and allow
  the multi-hook driver to be placed in some other location of your choice
- allow simple test code to be embedded within the gitolite.conf file; see
  contrib/utils/testconf for how. (This goes on the client side, not on the
  server)
- allow syslog "facility" to be changed, from the default of 'local0'
- allow syslog "facility" to be changed, from the default of replaced with a
  space separated list of members

The update to 3.6.6 contains:

- simple but important fix for a future perl deprecation (perl will be
  removing "." from @INC in 5.24)
- 'perms' now requires a '-c' to activate batch mode (should not affect
  interactive use but check your scripts perhaps?)
- gitolite setup now accepts a '-m' option to supply a custom message (useful
  when it is used by a script)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:
  zypper in -t patch openSUSE-2018-1118=1
- openSUSE Leap 15.0:
  zypper in -t patch openSUSE-2018-1118=1
- openSUSE Backports SLE-15:
  zypper in -t patch openSUSE-2018-1118=1

Package List:

- openSUSE Leap 42.3 (noarch):
  gitolite-3.6.9-4.3.1
- openSUSE Leap 15.0 (noarch):
  gitolite-3.6.9-lp150.2.3.1
- openSUSE Backports SLE-15 (noarch):
  gitolite-3.6.9-bp150.3.3.1

References:

https://www.suse.com/security/cve/CVE-2018-16976.html
https://bugzilla.suse.com/1108272
3.6.9.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-dc060c6f2a
2018-09-21 07:41:02.267708
--------------------------------------------------------------------------------

Name        : gitolite3
Product     : Fedora 28
Version     : 3.6.9
Release     : 1.fc28
URL         : https://github.com/sitaramc/gitolite
Summary     : Highly flexible server for git directory version tracker
Description :
Gitolite allows a server to host many git repositories and provide access to
many developers, without having to give them real userids on the server. The
essential magic in doing this is ssh's pubkey access and the authorized keys
file, and the inspiration was an older program called gitosis.

Gitolite can restrict who can read from (clone/fetch) or write to (push) a
repository. It can also restrict who can push to what branch or tag, which is
very important in a corporate environment.

Gitolite can be installed without requiring root permissions, and with no
additional software than git itself and perl. It also has several other neat
features described below and elsewhere in the doc/ directory.
--------------------------------------------------------------------------------
Update Information:

3.6.9
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 11 2018 Gwyn Ciesla - 1:3.6.9-1
- Latest upstream.
* Tue Jul 17 2018 Gwyn Ciesla - 1:3.6.8-1
- Latest upstream.
* Fri Jul 13 2018 Fedora Release Engineering - 1:3.6.7-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jun 27 2018 Jitka Plesnikova - 1:3.6.7-6
- Perl 5.28 rebuild
* Tue Apr 24 2018 Pierre-Yves Chibon - 1:3.6.7-5
- Back upstream patch making gitolite respect the ALLOW_ORPHAN_GL_CONF
  configuration variable
- Include the compile-1 command upstream brought in Fedora in:
  https://github.com/sitaramc/gitolite/commit/afb8afa14a892895dc48664c6526351cb
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1629930 - CVE-2018-16976 gitolite3: gitolite: Improper restriction of access to a Git repository while migration [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1629930
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-dc060c6f2a' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
3.6.9.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-d0bac4ff3b
2018-09-21 05:19:39.112401
--------------------------------------------------------------------------------

Name        : gitolite3
Product     : Fedora 29
Version     : 3.6.9
Release     : 1.fc29
URL         : https://github.com/sitaramc/gitolite
Summary     : Highly flexible server for git directory version tracker
Description :
Gitolite allows a server to host many git repositories and provide access to
many developers, without having to give them real userids on the server. The
essential magic in doing this is ssh's pubkey access and the authorized keys
file, and the inspiration was an older program called gitosis.

Gitolite can restrict who can read from (clone/fetch) or write to (push) a
repository. It can also restrict who can push to what branch or tag, which is
very important in a corporate environment.

Gitolite can be installed without requiring root permissions, and with no
additional software than git itself and perl. It also has several other neat
features described below and elsewhere in the doc/ directory.
--------------------------------------------------------------------------------
Update Information:

3.6.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1629930 - CVE-2018-16976 gitolite3: gitolite: Improper restriction of access to a Git repository while migration [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1629930
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-d0bac4ff3b' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Dylan Simon discovered that gitolite, an SSH-based gatekeeper for git
repositories, is prone to directory traversal attacks when restricting admin
defined commands (ADC). This allows an attacker to execute arbitrary commands
with privileges of the gitolite server via crafted command names.

-------------------------------------------------------------------------
Debian Security Advisory DSA-2215-1