Detections
Analytics
Debian dsa-5619 : libgit2-1.1 - security update
critical Nessus Plugin ID 190381
Language:
Synopsis
The remote Debian host is missing one or more security-related updates.Description
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5619 advisory.-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-5619-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 09, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libgit2 CVE ID : CVE-2024-24577 CVE-2024-24575
Two vulnerabilities were discovered in libgit2, a low-level Git library, which may result in denial of service or potentially the execution of arbitrary code.
For the oldstable distribution (bullseye), this problem has been fixed in version 1.1.0+dfsg.1-4+deb11u2.
For the stable distribution (bookworm), this problem has been fixed in version 1.5.1+ds-1+deb12u1.
We recommend that you upgrade your libgit2 packages.
For the detailed security status of libgit2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libgit2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXGeNgACgkQEMKTtsN8 TjatpBAAtY1nwqlQFnE//mah+rLfyeOtoM0XutnWZasAALawlg6h9RKMaOy7R1D3 MKk5o4i5U7KqQih6YtCTy4JDfgZzJ+kCVXD5uEWEW6qRZGnEMXYtgrAUkG7VNCcG MwGei4nQFf1ZyCsP1ShaWyXa/sVkLtVYvqrWdXRSxf9p5Ky3lQh3cd9GXK3sWUbn zF3UK0ZFkocEmIX4qLE60s1bMQb/IrlgXguSutMqC5EHiVRhBvINmf3zC+ggLvk5 fNre4rKns7RizMrkBKYFVwCeCXaBtKYhyE7T3otWu5mGsanE1c7aGTZDIH9HpRsT 1JR9W5XI5HcDusajDJNy5v+Wl2/ohIfB3kECsfPITVql832X5DtqSNazNLA0RnYu AOa+7wElLrh6X2yFrahViOmie4smfc97LznpPhAXqy++jxnnYDTLUK/BCX3bIp5R kCTz5s6fsi64/2SO9KQscw+zKzKHSrIuPU42JYxfpo17kVDWfhU0mUbyygKFQmSK UQndaGUYpLXk7Iv4aoAXXRlWjV21uxxByKziDfHalTfthp2BjTmVdEutD/cc6Uwk 9OJFnCMPBat07l4HlOypv0iYddNj7HVqOvgQz7NUuYLuDvC8VwdLgy4XyI8HnKmF OpMv04eqbwbTnv8uKvvvFMOMLWUEkS081a5tHmdVx0mJWInRW5k= =ixWD
-----END PGP SIGNATURE-----
Tenable has extracted the preceding description block directly from the Debian security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade the libgit2-1.1 packages.See Also
https://security-tracker.debian.org/tracker/source-package/libgit2
https://security-tracker.debian.org/tracker/CVE-2024-24575
https://security-tracker.debian.org/tracker/CVE-2024-24577
Plugin Details
Severity: Critical
ID: 190381
File Name: debian_DSA-5619.nasl
Version: 1.2
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 2/10/2024
Updated: 1/24/2025
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2024-24577
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:libgit2-dev, p-cpe:/a:debian:debian_linux:libgit2-fixtures, p-cpe:/a:debian:debian_linux:libgit2-1.5, cpe:/o:debian:debian_linux:12.0, p-cpe:/a:debian:debian_linux:libgit2-1.1
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 2/9/2024
Vulnerability Publication Date: 2/6/2024
Reference Information
CVE: CVE-2024-24575, CVE-2024-24577