Due to a flaw in libgit2, it was possible to trigger a denial-of-service (DoS) attack on GitHub repositories by requesting maliciously crafted remote repos. libgit2 is the distributed version control system (DVCS) library for which libgit2-dev is the package dependency.
Prior to the release of libgit2 version 1.14.0, a remote DoS attack could be launched against repositories on GitHub by requesting a maliciously crafted Git repository.
In the libgit2 package, there was a vulnerability in version 1.14.0 for Red Hat Enterprise Linux 7 that could lead to a Denial-of-Service (DoS) attack against GitHub repositories. This issue has been fixed in version 1.19.2. Red Hat does not recommend updating to this version, as it is a security release. Instead, Red Hat recommends updating the libgit2 package, as detailed below.
libgit2 package required for updating
The libgit2 package required for updating to version 1.19.2 is libgit2-dev 2.18.0-1 or higher.
If you are running a previous version of the libgit2 package, first update it to the latest available version, 2.18.0-1 or higher, before updating to the latest version of libgit2, in order to prevent any issues.
How to update libgit2 on Red Hat Enterprise Linux 7
You should update to version 1.19.2 of libgit2 on Red Hat Enterprise Linux 7 in order to mitigate the vulnerability that was addressed by this security release.
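yum -y update 'libgit2-1*'
Or, for more detail on what is updated and how, show the package changelog during the update (the --changelog option is provided by the yum-plugin-changelog package):
yum -y --changelog update 'libgit2-1*'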
Update libgit2 to version 1.19.2
To update the libgit2 package, use the following command:
yum update libgit2
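A post-update check for the procedure above, as an added example that is not part of the original advisory: it confirms the installed libgit2 is at or above the fixed version this page names, and lists processes that still map the old library and therefore keep running the unpatched code until restarted. The function names are hypothetical and the release suffix in the comments is constructed.

```shell
#!/bin/sh
# Added example: post-update checks for the libgit2 fix described above.
FIXED_VERSION="1.19.2"   # fixed version as stated on this page

# version_at_least INSTALLED FIXED: succeeds when INSTALLED >= FIXED.
# An RPM release suffix such as "-1.el7" (constructed) is dropped first.
version_at_least() {
    installed=${1%%-*}
    lowest=$(printf '%s\n%s\n' "$installed" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# stale_libgit2_pids [PROCROOT]: print PIDs whose memory map still references
# a libgit2 shared object that was replaced on disk ("(deleted)" marker).
# Those processes keep the old code loaded until they are restarted.
stale_libgit2_pids() {
    procroot=${1:-/proc}
    for maps in "$procroot"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -q 'libgit2\.so.* (deleted)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# check_host: query the RPM database and report both conditions.
check_host() {
    versions=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' libgit2 2>/dev/null) ||
        { echo "libgit2 is not installed"; return 2; }
    rc=0
    for v in $versions; do
        if version_at_least "$v" "$FIXED_VERSION"; then
            echo "ok: libgit2 $v"
        else
            echo "VULNERABLE: libgit2 $v is older than $FIXED_VERSION"; rc=1
        fi
    done
    for pid in $(stale_libgit2_pids); do
        echo "restart needed: PID $pid still maps the old libgit2"; rc=1
    done
    return $rc
}

# Run the host check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it as root with `--check` after the update so that the maps files of all processes are readable.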