[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

243238

 
 

909

 
 

192833

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2013-0589 -- Oracle git

ID: oval:org.secpod.oval:def:1500098Date: (C)2013-03-20   (M)2022-10-10
Class: PATCHFamily: unix




Updated git packages that fix one security issue are now available forRed Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is available from the CVE link inthe References section. Git is a fast, scalable, distributed revision control system.It was discovered that Git#39;s git-imap-send command, a tool to send acollection of patches from standard input to an IMAP folder, didnot properly perform SSL X.509 v3 certificate validation on the IMAPserver#39;s certificate, as it did not ensure that the server#39;s hostnamematched the one provided in the CN field of the server#39;s certificate. Arogue server could use this flaw to conduct man-in-the-middle attacks,possibly leading to the disclosure of sensitive information.All git users should upgrade to these updated packages, which contain abackported patch to correct this issue.

Platform:
Oracle Linux 6
Product:
git
Reference:
ELSA-2013-0589
CVE-2013-0308
CVE    1
CVE-2013-0308
CPE    2
cpe:/o:oracle:linux:6
cpe:/a:git:git

© SecPod Technologies