Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201603-20 ========================================= Severity: Critical Date : 2016-03-20 CVE-ID : CVE-2016-2324 Package : git Type : remote code execution Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package git before version 2.7.4-1 is vulnerable to remote code execution. Resolution ========= Upgrade to 2.7.4-1. # pacman -Syu "git>=2.7.4-1" The problem has been fixed upstream in versions 2.4.11, 2.5.5, 2.6.6 and 2.7.4. Workaround ========= None. Description ========== Laël Cellier discovered an integer overflow vulnerability in the path_name() function of git. Impact ===== A remote attacker can execute arbitrary code by crafting a malicious repository and either directly cloning it or getting a local user to clone it. References ========= https://seclists.org/oss-sec/2016/q1/653 https://access.redhat.com/security/cve/CVE-2016-2324