Arch Linux: ASA-201603-20 Critical Remote Code Execution in Git
Mar 20, 2016
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package git before version 2.7.4-1 is vulnerable to remote code execution.
Arch Linux Security Advisory ASA-201603-20 ========================================= Severity: Critical Date : 2016-03-20 CVE-ID : CVE-2016-2324 Package : git Type : remote code execution Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package git before version 2.7.4-1 is vulnerable to remote code execution. Resolution ========= Upgrade to 2.7.4-1. # pacman -Syu "git>=2.7.4-1" The problem has been fixed upstream in versions 2.4.11, 2.5.5, 2.6.6 and 2.7.4. Workaround ========= None. Description ========== Laël Cellier discovered an integer overflow vulnerability in the path_name() function of git. Impact ===== A remote attacker can execute arbitrary code by crafting a malicious repository and either directly cloning it or getting a local user to clone it. References ========= https://seclists.org/oss-sec/2016/q1/653 https://access.redhat.com/security/cve/CVE-2016-2324
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!