--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2018-755a438aca
2018-07-27 14:31:20.295910
--------------------------------------------------------------------------------
Name : libgit2
Product : Fedora EPEL 7
Version : 0.26.5
Release : 1.el7
URL :
http://libgit2.github.com/
Summary : C implementation of the Git core methods as a library with a solid API
Description :
libgit2 is a portable, pure C implementation of the Git core methods
provided as a re-entrant linkable library with a solid API, allowing
you to write native speed custom Git applications in any language
with bindings.
--------------------------------------------------------------------------------
Update Information:
Update to 0.26.5 (CVE-2018-10887, CVE-2018-10888)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1598024 - CVE-2018-10888 libgit2: an improper input validation leads to an
out-of-bound read in git_delta_apply, allowing to read beyond delta limits
https://bugzilla.redhat.com/show_bug.cgi?id=1598024
[ 2 ] Bug #1598021 - CVE-2018-10887 libgit2: integer overflow leads to out-of-bounds
read in git_delta_apply, allowing to read before base array
https://bugzilla.redhat.com/show_bug.cgi?id=1598021
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update libgit2' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/...
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------