ELSA-2013-0589 -- Oracle gitID: oval:org.secpod.oval:def:1500098 | Date: (C)2013-03-20 (M)2022-10-10 |
Class: PATCH | Family: unix |
Updated git packages that fix one security issue are now available forRed Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is available from the CVE link inthe References section. Git is a fast, scalable, distributed revision control system.It was discovered that Git#39;s git-imap-send command, a tool to send acollection of patches from standard input to an IMAP folder, didnot properly perform SSL X.509 v3 certificate validation on the IMAPserver#39;s certificate, as it did not ensure that the server#39;s hostnamematched the one provided in the CN field of the server#39;s certificate. Arogue server could use this flaw to conduct man-in-the-middle attacks,possibly leading to the disclosure of sensitive information.All git users should upgrade to these updated packages, which contain abackported patch to correct this issue.