SB2018050220 - Fedora EPEL 7 update for libgit2, python-pygit2
Published: May 2, 2018 Updated: April 24, 2025
Security Bulletin ID
SB2018050220
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Double free (CVE-ID: CVE-2018-8099)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in the read_entry() function due to a double free error. A remote attacker can send a specially crafted repository index file, trick the victim into opening it and cause the service to crash.
2) Out-of-bounds read (CVE-ID: CVE-2018-8098)
The vulnerability allow a remote attacker to cause DoS condition on the target system.The weakness exists in the index.c:read_entry() function due to out-of-bounds read while decompressing a compressed prefix length. A remote attacker can send a specially crafted repository index file, trick the victim into opening it and cause the service to crash.
Remediation
Install update from vendor's website.