Posted: Mon May 02, 2016 8:26 pm Post subject: [ GLSA 201605-01 ] Git
Gentoo Linux Security Advisory
Title: Git: Multiple vulnerabilities (GLSA 201605-01)
Date: May 02, 2016
Bug(s): #562884, #577482
Git contains multiple vulnerabilities that allow for the remote
execution of arbitrary code.
Git is a free and open source distributed version control system
designed to handle everything from small to very large projects with
speed and efficiency.
Vulnerable: < 2.7.3-r1
Unaffected: >= 2.7.3-r1
Architectures: All supported architectures
Git is vulnerable to the remote execution of arbitrary code by cloning
repositories with large filenames or a large number of nested trees.
Additionally, some protocols within Git, such as git-remote-ext, can
execute arbitrary code found within URLs. These URLs that submodules use
may come from arbitrary sources (e.g., .gitmodules files in a remote
repository), and can affect those who enable recursive fetch. Restrict
the allowed protocols to well known and safe ones.
Remote attackers could execute arbitrary code on both client and server.
There is no known workaround at this time.
All Git users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-2.7.3-r1"
Buffer overflow in all
git versions before 2.7.1
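
The advice above to restrict submodule protocols, as an added example that is not part of the advisory or of Git: a POSIX shell check that lists the submodule URLs in a `.gitmodules` file whose transport falls outside an allowlist. The `ALLOWED` policy, the function names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): flag submodule URLs in a .gitmodules
# file whose transport is outside a colon-separated allowlist.
ALLOWED="${ALLOWED:-https:ssh:git}"   # assumed site policy, adjust as needed

# Print the transport name Git checks for a URL.
url_protocol() {
    scheme="${1%%[!A-Za-z0-9+.-]*}"   # leading run of scheme characters
    rest="${1#"$scheme"}"
    case "$rest" in
        ::*|://*) printf '%s\n' "${scheme:-unknown}" ;;  # helper:: or scheme://
        *) case "$1" in
               /*|./*|../*) echo file ;;   # local path
               *:*)         echo ssh ;;    # scp-like [user@]host:path
               *)           echo file ;;
           esac ;;
    esac
}

# Print one line per disallowed submodule URL; return 1 if any were found.
audit_gitmodules() {
    rc=0
    urls=$(sed -n 's/^[[:space:]]*url[[:space:]]*=[[:space:]]*//p' "$1")
    while IFS= read -r url; do
        [ -n "$url" ] || continue
        proto=$(url_protocol "$url")
        case ":$ALLOWED:" in
            *":$proto:"*) ;;
            *) printf 'DISALLOWED %s %s\n' "$proto" "$url"; rc=1 ;;
        esac
    done <<EOF
$urls
EOF
    return "$rc"
}

# Constructed sample input; the ext:: value is a harmless placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[submodule "lib"]
    path = lib
    url = https://example.org/lib.git
[submodule "tools"]
    path = tools
    url = ext::constructed-placeholder
EOF
audit_gitmodules "$sample" || echo "review the URLs above before any recursive fetch"
rm -f "$sample"
```

The same colon-separated list can be exported as `GIT_ALLOW_PROTOCOL`, which makes Git itself refuse any transport not named in it.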