openSUSE Security Update : git (openSUSE-SU-2011:0115-1)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update fixes two vulnerabilities :

XSS vulnerability in gitweb; a remote attacker could craft a URL such
that arbitrary content would be inserted into the generated web page.

Stack overflow vulnerability that can lead to arbitrary code
execution if a user runs any git command on a specially
crafted git working copy.

Security Issue references :

- [CVE-2010-3906](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3906)

- [CVE-2010-2542](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2542)

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?nam
http://lists.opensuse.org/opensuse-updates/2011-02/msg00010.html
https://bugzilla.novell.com/show_bug.cgi?id=624586
https://bugzilla.novell.com/show_bug.cgi?id=659281

Solution :

Update the affected git packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 53727

Bugtraq ID:

CVE ID: CVE-2010-2542
CVE-2010-3906
