Novell Home

CVE-2013-0308

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-0308 at MITRE

Description

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 804730

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SLE 11 SP2 DEBUGINFO
  • git-debuginfo >= 1.7.12.4-0.5.1
  • git-debugsource >= 1.7.12.4-0.5.1
Builds
SAT Patch Nr: 7398
SUSE Linux Enterprise Software Development Kit 11 SP2
  • git >= 1.7.12.4-0.5.1
  • git-arch >= 1.7.12.4-0.5.1
  • git-core >= 1.7.12.4-0.5.1
  • git-cvs >= 1.7.12.4-0.5.1
  • git-daemon >= 1.7.12.4-0.5.1
  • git-email >= 1.7.12.4-0.5.1
  • git-gui >= 1.7.12.4-0.5.1
  • git-svn >= 1.7.12.4-0.5.1
  • git-web >= 1.7.12.4-0.5.1
  • gitk >= 1.7.12.4-0.5.1
Builds
SAT Patch Nr: 7398

© 2014 Novell