USN-2938-1 Git vulnerabilities

Severity

High

Vendor

Ubuntu, Git

Versions Affected

All Git versions prior to 2.7.4

Description

Git could be made to crash or run programs as your login if it received changes from a specially crafted remote repository.

Laël Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git. (CVE-2016-2315, CVE-2016-2324)

Credit

Laël Cellier

References

http://www.ubuntu.com/usn/usn-2938-1
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2315.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2324.html
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt

USN-2938-1 Git vulnerabilities

Severity

Vendor

Versions Affected

Description

Credit

References

You Might Also Like

USN-6581-1: GNU binutils vulnerabilities

Various HTTP2 CVEs: Some Cloud Foundry products are impacted by HTTP denial of service attacks

USN-4512-1: util-linux vulnerability

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!