Oracle Linux 8 : git-lfs (ELSA-2023-2866)

Nessus Plugin ID 176274 (Severity: High)

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2866 advisory.

[3.2.0-2]
- Rebuild with Golang-1.19.4
- Resolves: #2163744

[3.2.0-1]
- Update to version 3.2.0
- Resolves: #2139382

[2.13.3-2]
- Define %gobuild macro with proper ldflags
- Related: rhbz#2021549

[2.13.3-1]
- Update to version 2.13.3
- Fixed round brackets in Provides
- Moved manpages.tgz to look-a-side cache
- Resolves: rhbz#2021549, rhbz#1870080, rhbz#1866441

[2.11.0-2]
- Removed mangen source file
- Cleaned docs/man folder
- Resolves: rhbz#1852842

[2.11.0-1]
- Update to version 2.11.0
- Resolves: rhbz#1783391

[2.4.1-3]
- Add pregenerated manpages, due to missing dependency 'ronn' in rhel7.

[2.4.1-2]
- Initial build for rh-git218-git-lfs-2.4.1

[2.4.1-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[2.4.1-1]
- Update to latest release

[2.4.0-3]
- Fix %preun to correctly remove the lfs filter on uninstall (rhbz#1580357)

[2.4.0-2]
- Add %go_arches fallback to work around Koji issues

[2.4.0-1]
- Update to latest release.

[2.3.4-6]
- Add patches to build with Go 1.10.

[2.3.4-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[2.3.4-4]
- Use vendored libraries on RHEL
- Skip test on RHEL
- Don't build man pages on RHEL due to missing ronn
- Don't build html versions of man pages

[2.3.4-3]
- Require git-core instead of git.

[2.3.4-2]
- Patch tests to work on slow systems like arm and aarch builders.
- Fix 'git lfs help' command.

[2.3.4-1]
- Update to latest release.
- Run all tests during build.

[2.2.1-3]
- Remove redundant doc tag on manpages.
- Use path macros in %post/%postun.

[2.2.1-2]
- Disable unnecessary subpackages.

[2.2.1-1]
- Update to latest version.

[2.0.2-2]
- Patch up to build with Go 1.7

[2.0.2-1]
- Update to latest release
- Add some requested macros

[2.0.1-1]
- Update to latest release
- Don't disable git-lfs globally during upgrade

[2.0.0-1]
- Update to latest release

[1.5.5-1]
- Update to latest release
- Add -devel and -unit-test-devel subpackages
- Add post/preun scriptlets for global enablement

[1.2.0-1]
- Initial package

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected git-lfs package.

See Also

https://linux.oracle.com/errata/ELSA-2023-2866.html

Plugin Details

Severity: High

ID: 176274

File Name: oraclelinux_ELSA-2023-2866.nasl

Version: 1.1

Type: local

Agent: unix

Published: 5/24/2023

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2022-2880

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:git-lfs

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/24/2023

Vulnerability Publication Date: 10/4/2022

Reference Information

CVE: CVE-2022-2880, CVE-2022-41715, CVE-2022-41717

IAVB: 2022-B-0042-S, 2022-B-0059-S