GLSA Advocate
Posted: Thu Sep 25, 2008 9:26 pm Post subject: [ GLSA 200809-16 ] Git: User-assisted execution of arbitrary
Gentoo Linux Security Advisory
Title: Git: User-assisted execution of arbitrary code (GLSA 200809-16)
Severity: normal
Exploitable: remote
Date: September 25, 2008
Bug(s): #234075
ID: 200809-16
Synopsis
Multiple buffer overflow vulnerabilities have been discovered in Git.
Background
Git is a distributed version control system.
Affected Packages
Package: dev-util/git
Vulnerable: < 1.5.6.4
Unaffected: >= 1.5.6.4
Architectures: All supported architectures
Description
Multiple boundary errors in the functions diff_addremove() and
diff_change() when processing overly long repository path names were
reported.
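The class of boundary error described above, as an added sketch that is not Git's source code: a path name is joined into a fixed-size buffer without a length check, shown beside a form that checks first. The function names, the 4096-byte buffer size and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define PATH_BUF 4096   /* assumed fixed buffer size for a joined path name */

/* Unsafe pattern (hypothetical): trusts that base + path fits in out. */
void join_path_unchecked(char out[PATH_BUF], const char *base, const char *path)
{
    strcpy(out, base);   /* no bound: overflows if base alone is too long */
    strcat(out, path);   /* no bound: overflows if base + path is too long */
}

/* Hardened form: measure first and refuse anything that does not fit.
 * Returns 0 on success, -1 if the joined name would not fit in out. */
int join_path_checked(char *out, size_t outsz, const char *base, const char *path)
{
    size_t blen, plen;
    if (!out || outsz == 0 || !base)
        return -1;
    if (!path) path = "";
    blen = strlen(base);
    plen = strlen(path);
    /* Compare by subtraction so the check itself cannot wrap around. */
    if (blen >= outsz || plen >= outsz - blen) {
        out[0] = '\0';
        return -1;
    }
    memcpy(out, base, blen);
    memcpy(out + blen, path, plen + 1);   /* +1 copies the terminator */
    return 0;
}

/* Constructed input: joins "src/" with a name made of n 'a' characters. */
int try_join_with_length(size_t n)
{
    static char name[2 * PATH_BUF];
    char out[PATH_BUF];
    if (n >= sizeof(name))
        return -1;
    memset(name, 'a', n);
    name[n] = '\0';
    return join_path_checked(out, sizeof(out), "src/", name);
}

int main(void)
{
    char out[PATH_BUF];
    join_path_unchecked(out, "src/", "main.c");   /* short input only */
    printf("%s short=%d overlong=%d\n", out,
           try_join_with_length(20), try_join_with_length(PATH_BUF + 100));
    return 0;
}
```

The checked form treats an overlong name as an error to report rather than truncating it, so a caller never operates on a path other than the one it was given.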
Impact
A remote attacker could entice a user to run commands like "git-diff"
or "git-grep" on a specially crafted repository, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application.
Workaround
There is no known workaround at this time.
Resolution
All Git users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/git-1.5.6.4"
References
CVE-2008-3546
Last edited by GLSA on Wed Nov 27, 2013 4:28 am; edited 2 times in total