USN-6678-1: libgit2 vulnerabilities

Read Time:52 Second

It was discovered that libgit2 mishandled equivalent filenames on NTFS
partitions. If a user or automated system were tricked into cloning a
specially crafted repository, an attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2020-12278, CVE-2020-12279)

It was discovered that libgit2 did not perform certificate checking by
default. An attacker could possibly use this issue to perform a
machine-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-22742)

It was discovered that libgit2 could be made to run into an infinite loop.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 23.10. (CVE-2024-24575)

It was discovered that libgit2 did not properly manage memory. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2024-24577)

Friday Squid Blogging: Squid Sticker

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe

Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers

LockBit Admins Tease a New Ransomware Version

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns

CISA Urges Encrypted Messaging After Salt Typhoon Hack

Ransomware Attackers Target Industries with Low Downtime Tolerance

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

US Organizations Still Using Kaspersky Products Despite Ban

USN-6678-1: libgit2 vulnerabilities

CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205

USN-7179-1: Linux kernel vulnerabilities

USN-7173-2: Linux kernel vulnerabilities

swiftlint-0.57.1-1.fc42

USN-7166-3: Linux kernel (HWE) vulnerabilities

USN-7159-4: Linux kernel (IoT) vulnerabilities