Debian: DSA-1841-1 Critical: Git-Core Denial Of Service Incident
debian
July 25, 2009
It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mista...
Topics Covered
Summary
It was discovered that git-daemon which is part of git-core, a popular
distributed revision control system, is vulnerable to denial of service
attacks caused by a programming mistake in handling requests containing
extra unrecognized arguments which results in an infinite loop. While
this is no problem for the daemon itself as every request will spawn a
new git-daemon instance, this still results in a very high CPU consumption
and might lead to denial of service conditions.
For the oldstable distribution (etch), this problem has been fixed in
version 1.4.4.4-4+etch3.
For the stable distribution (lenny), this problem has been fixed in
version 1.5.6.5-3+lenny2.
For the testing distribution (squeeze), this problem has been fixed in
version 1:1.6.3.3-1.
For the unstable distribution (sid), this problem has been fixed in
version 1:1.6.3.3-1.
We recommend that you upgrade your git-core packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
w...
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Package: git-core
CVE ID: CVE-2009-2108
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!