GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun Mar 15, 2020 10:26 pm Post subject: [ GLSA 202003-30 ] Git |
 |
|
Gentoo Linux Security Advisory
Title: Git: Multiple vulnerabilities (GLSA 202003-30)
Severity: normal
Exploitable: local, remote
Date: 2020-03-15
Bug(s): #702296
ID: 202003-30
Synopsis
Multiple vulnerabilities have been found in Git, the worst of which
could result in the arbitrary execution of code.
Background
Git is a free and open source distributed version control system
designed to handle everything from small to very large projects with
speed and efficiency.
Affected Packages
Package: dev-vcs/git
Vulnerable: < 2.24.1
Unaffected: >= 2.21.1 < 2.21.2
Unaffected: >= 2.23.1-r1 < 2.23.2
Unaffected: >= 2.24.1 < 2.24.2
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Git. Please review the
CVE identifiers referenced below for details.
Impact
An attacker could possibly overwrite arbitrary paths, execute arbitrary
code, and overwrite files in the .git directory.
Workaround
There is no known workaround at this time.
Resolution
All Git 2.21.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-2.21.1"
|
All Git 2.23.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-2.23.1-r1"
|
All Git 2.24.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-2.24.1"
|
References
CVE-2019-1348
CVE-2019-1349
CVE-2019-1350
CVE-2019-1351
CVE-2019-1352
CVE-2019-1353
CVE-2019-1354
CVE-2019-1387
CVE-2019-19604
Last edited by GLSA on Sat Mar 21, 2020 4:17 am; edited 1 time in total |
|
News & Announcements
