Debian: DSA-1841-2: New git-core packages fix build failure
Summary
It was discovered that git-daemon which is part of git-core, a popular
distributed revision control system, is vulnerable to denial of service
attacks caused by a programming mistake in handling requests containing
extra unrecognized arguments which results in an infinite loop. While
this is no problem for the daemon itself as every request will spawn a
new git-daemon instance, this still results in a very high CPU consumption
and might lead to denial of service conditions.
For the oldstable distribution (etch), this problem has been fixed in
version 1.4.4.4-4+etch4.
For the stable distribution (lenny), this problem has been fixed in
version 1.5.6.5-3+lenny3.
For the testing distribution (squeeze), this problem has been fixed in
version 1:1.6.3.3-1.
For the unstable distribution (sid), this problem has been fixed in
version 1:1.6.3.3-1.
We recommend that you upgrade your git-core packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Source archives:
Size/MD5 checksum: 1054130 99bc7ea441226f792b6f796a838e7ef0
Size/MD5 checksum: 73235 dc66a5a33f4d839abd293af8e9d1c7f0
Size/MD5 checksum: 806 4ecf33d79aef69bd3ee67e39bd2e5603
Architecture independent packages:
Size/MD5 checksum: 99956 bb358ac7ca0a4ff838d3b649fc280ac5
Size/MD5 checksum: 94344 35222422017d16424d60b572d448b2ed
Size/MD5 checksum: 101186 e50e5c5b047fd40306ec79177fb1e27b
Size/MD5 checksum: 63440 1ce3e8f130c61118e15f50fbea98f745
Size/MD5 checksum: 69120 555d3f7a0f717f022b837ec218840b5b
Size/MD5 checksum: 88662 089131cbe345889f72b524e8d0c657ed
Size/MD5 checksum: 55972 d06f9e25da08588e38b2c0a6fa346c4a
Size/MD5 checksum: 466846 3bef63b0904636416641058a04814b10
alpha architecture (DEC Alpha)
Size/MD5 checksum: 3088230 4515c64cfea5951473db08b8cc3435d3
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 2632004 b044de6564162f32353d84343e1e41ae
arm architecture (ARM)
Size/MD5 checksum: 2320858 3ed0f7b8c366351121fc9534df90d328
hppa architecture (HP PA RISC)
Size/MD5 checksum: 2694200 17f793cb6d02e633053f18d820ed63b1
i386 architecture (Intel ia32)
Size/MD5 checksum: 2349876 2c0d7e7f67af0f3d956626e4bf9c61a6
ia64 architecture (Intel ia64)
Size/MD5 checksum: 3815920 54305a771f4728607741fc91825abd60
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 2769740 ff6077a27445fa6be6dc6df8d7a412ae
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 2801552 d4a45ed2e6e0907d4a9b176ca9943e1d
powerpc architecture (PowerPC)
Size/MD5 checksum: 2639258 1626503d70b23864cc452876643b4b77
s390 architecture (IBM S/390)
Size/MD5 checksum: 2628348 7c6ba1577e3019fb36b9cd1e3b1ad9e0
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 2298750 ae0ebfaeceba12e48b1240f0e6cf2a14
Debian GNU/Linux 5.0 alias lenny
Source archives:
Size/MD5 checksum: 1332 f4dfc057bd2a48ba453816e04f34b7df
Size/MD5 checksum: 2103619 c22da91c913a02305fd8a1a2298f75c9
Size/MD5 checksum: 228640 87e8934e0efe7f374b21e0f8fb15474f
Architecture independent packages:
Size/MD5 checksum: 268052 976f1bdd1a003aa01360235d506a68b6
Size/MD5 checksum: 217816 a0719a52047880856fc560fbdd54311e
Size/MD5 checksum: 231042 a313316163e3db501357d834a1db7b90
Size/MD5 checksum: 267244 0b91300ac7fee3068cd7767f8998a6a6
Size/MD5 checksum: 298644 843b4c601e157df5f1ea559fe22e7a72
Size/MD5 checksum: 401594 d6737e683c17e09a3ecf7e9149af5de4
Size/MD5 checksum: 268286 1582d20b0024de9879e3f289129106d8
Size/MD5 checksum: 1076836 1ec7e1d1d2539ed4277c35bef096ae8b
Size/MD5 checksum: 229326 aaf22d02fe5ac00a424be096dd8c1f80
alpha architecture (DEC Alpha)
Size/MD5 checksum: 3808760 24030074496a4a25e448baf21aae4450
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 3419522 190a16cd10d5591706e79d15831d6bfa
arm architecture (ARM)
Size/MD5 checksum: 3045458 8bebf2cf789fcba33a1d0dfc8d259f6b
armel architecture (ARM EABI)
Size/MD5 checksum: 3068324 11e7a4ad3c4cd6c91b58d79536fdc282
hppa architecture (HP PA RISC)
Size/MD5 checksum: 3162798 fb850a0f8b458cc8ef68b7a98c25d269
i386 architecture (Intel ia32)
Size/MD5 checksum: 3139856 a19a17b97f8028298fe0bf0cc77fa139
ia64 architecture (Intel ia64)
Size/MD5 checksum: 4759214 30d6cc0cd9c19adc03e84ea6f4e0fa1d
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 3409214 7a4aa4251c5e8b9ece35b76fec637e68
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 3420712 1218f69d04d4b19bd06dbc8878aef769
powerpc architecture (PowerPC)
Size/MD5 checksum: 3473328 4fadd92d0f8554f29acb67e641cd355a
s390 architecture (IBM S/390)
Size/MD5 checksum: 3411332 0daeff8bd1b44a86c16d46572d51a43f
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 3069038 3ba2810657f07949ac284274f1356973
These files will probably be moved into the stable distribution on
its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show