
Test ID: 1.3.6.1.4.1.25623.1.0.851925
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for gitolite (openSUSE-SU-2018:3035-1)
Summary: The remote host is missing an update for the 'gitolite' package(s) announced via the referenced advisory.
Description: Summary:
The remote host is missing an update for the 'gitolite'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for gitolite fixes the following issues:

Gitolite was updated to 3.6.9:

- CVE-2018-16976: prevent racy access to repos in process of migration to
gitolite (boo#1108272)

- 'info' learns new '-p' option to show only physical repos (as opposed to
wild repos)

The update to 3.6.8 contains:

- fix bug when deleting *all* hooks for a repo

- allow trailing slashes in repo names

- make pre-receive hook driver bail on non-zero exit of a pre-receive hook

- allow templates in gitolite.conf (new feature)

- various optimizations

The update to 3.6.7 contains:

- allow repo-specific hooks to be organised into subdirectories, and allow
the multi-hook driver to be placed in some other location of your choice

- allow simple test code to be embedded within the gitolite.conf file; see
contrib/utils/testconf for how. (This goes on the client side, not on
the server)

- allow syslog 'facility' to be changed, from the default of 'local0'

- allow syslog 'facility' to be changed, from the default of replaced with
a space separated list of members

The update to 3.6.6 contains:

- simple but important fix for a future perl deprecation (perl will be
removing '.' from @INC in 5.24)

- 'perms' now requires a '-c' to activate batch mode (should not affect
interactive use but check your scripts perhaps?)

- gitolite setup now accepts a '-m' option to supply a custom message
(useful when it is used by a script)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1118=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1118=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2018-1118=1

Affected Software/OS:
gitolite on openSUSE Leap 42.3

Solution:
Please install the updated package(s).

CVSS Score:
5.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2018-16976
Copyright: Copyright (C) 2018 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.