Moderate CentOS git Update

Metadata

medium
4.3
emacs-git-1.7.1-3.el6_4.1.noarch.rpm, emacs-git-el-1.7.1-3.el6_4.1.noarch.rpm, git-1.7.1-3.el6_4.1.i686.rpm, git-1.7.1-3.el6_4.1.src.rpm, git-1.7.1-3.el6_4.1.x86_64.rpm, git-all-1.7.1-3.el6_4.1.noarch.rpm, git-cvs-1.7.1-3.el6_4.1.noarch.rpm, git-daemon-1.7.1-3.el6_4.1.i686.rpm, git-daemon-1.7.1-3.el6_4.1.x86_64.rpm, git-email-1.7.1-3.el6_4.1.noarch.rpm, git-gui-1.7.1-3.el6_4.1.noarch.rpm, git-svn-1.7.1-3.el6_4.1.noarch.rpm, gitk-1.7.1-3.el6_4.1.noarch.rpm, gitweb-1.7.1-3.el6_4.1.noarch.rpm, perl-Git-1.7.1-3.el6_4.1.noarch.rpm
CVE-2013-0308
rhn.redhat.com, lists.centos.org, lists.centos.org
2013-03-09
2017-07-27 19:05
CVE-2013-0308 git
CVE-2013-0308
2017-04-01 19:06
2017-01-05 20:10

Description


Updated git packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Git is a fast, scalable, distributed revision control system.

It was discovered that Git's git-imap-send command, a tool to send a
collection of patches from standard input (stdin) to an IMAP folder, did
not properly perform SSL X.509 v3 certificate validation on the IMAP
server's certificate, as it did not ensure that the server's hostname
matched the one provided in the CN field of the server's certificate. A
rogue server could use this flaw to conduct man-in-the-middle attacks,
possibly leading to the disclosure of sensitive information.
(CVE-2013-0308)

All git users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is marked as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.

Affected package information

Release  Package       Patched in
6        emacs-git     emacs-git-1.7.1-3.el6_4.1.noarch.rpm
6        emacs-git-el  emacs-git-el-1.7.1-3.el6_4.1.noarch.rpm
6        git           git-1.7.1-3.el6_4.1.i686.rpm
6        git           git-1.7.1-3.el6_4.1.src.rpm
6        git           git-1.7.1-3.el6_4.1.x86_64.rpm
6        git-all       git-all-1.7.1-3.el6_4.1.noarch.rpm
6        git-cvs       git-cvs-1.7.1-3.el6_4.1.noarch.rpm
6        git-daemon    git-daemon-1.7.1-3.el6_4.1.i686.rpm
6        git-daemon    git-daemon-1.7.1-3.el6_4.1.x86_64.rpm
6        git-email     git-email-1.7.1-3.el6_4.1.noarch.rpm
6        git-gui       git-gui-1.7.1-3.el6_4.1.noarch.rpm
6        gitk          gitk-1.7.1-3.el6_4.1.noarch.rpm
6        git-svn       git-svn-1.7.1-3.el6_4.1.noarch.rpm
6        gitweb        gitweb-1.7.1-3.el6_4.1.noarch.rpm
6        perl-Git      perl-Git-1.7.1-3.el6_4.1.noarch.rpm
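
One way to run the check this section describes against a host's package list, as an added example that is not part of the original advisory. It takes name-version-release.arch strings as printed by `rpm -qa` and compares them to the patched build in the table; the comparison is a simplified form of rpm's segment ordering (assumes no epoch and no `~` or `^` in versions), and the sample package list is constructed.

```python
import re

# Fixed build and affected package names, from the "Patched in" table above.
PATCHED = ("1.7.1", "3.el6_4.1")
AFFECTED = {"emacs-git", "emacs-git-el", "git", "git-all", "git-cvs",
            "git-daemon", "git-email", "git-gui", "git-svn", "gitk",
            "gitweb", "perl-Git"}

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpm segment comparison: -1, 0 or 1 (no epoch, '~', '^')."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)   # numeric segments compare as integers
        elif x.isdigit():
            return 1                # a numeric segment beats an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvra(pkg):
    """'git-daemon-1.7.1-3.el6_4.1.i686' -> (name, version, release, arch)."""
    pkg = pkg[:-4] if pkg.endswith(".rpm") else pkg
    nvr, arch = pkg.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def unpatched(installed):
    """Return affected packages in `installed` older than the fixed build."""
    hits = []
    for pkg in installed:
        name, version, release, _ = split_nvra(pkg)
        if name in AFFECTED:
            order = rpmvercmp(version, PATCHED[0]) or rpmvercmp(release, PATCHED[1])
            if order < 0:
                hits.append(pkg)
    return hits

# Constructed sample of `rpm -qa` output, not taken from a real host.
SAMPLE = ["git-1.7.1-3.el6_4.1.x86_64", "perl-Git-1.7.1-3.el6.noarch",
          "gitweb-1.7.10-1.el6.noarch", "examplepkg-1.0-1.el6.x86_64"]

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

The `gitweb` entry shows why a plain string comparison is not enough: `1.7.10` sorts before `1.7.1` as text but is the newer version under rpm's rules.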