7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.164 Low
EPSS
Percentile
96.0%
Updated python-dulwich package fixes security vulnerabilities: It was discovered that Dulwich allows writing to files under .git/ when checking out working trees. This could lead to the execution of arbitrary code with the privileges of the user running an application based on Dulwich (CVE-2014-9706). Ivan Fratric of the Google Security Team has found a buffer overflow in the C implementation of the apply_delta() function, used when accessing Git objects in pack files. An attacker could take advantage of this flaw to cause the execution of arbitrary code with the privileges of the user running a Git server or client based on Dulwich (CVE-2015-0838). The python-dulwich package has been updated to version 0.10.0, fixing these issues and other bugs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | python-dulwich | < 0.10.0-1 | python-dulwich-0.10.0-1.mga4 |