Debian: DSA-2114-1: New git-core packages fix regression

    Date: 26 Sep 2010
    Category: Debian
    Posted By: LinuxSecurity Advisories
    The Debian stable point release 5.0.6 included updated packages of the Git revision control system in order to fix a security issue. Unfortunately, the update introduced a regression which could make it impossible to clone or create git repositories. This upgrade
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-2114-1
    http://www.debian.org/security/                           Stefan Fritsch
    September 26, 2010                    http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : git-core
    Vulnerability  : buffer overflow
    Problem type   : local
    Debian-specific: no
    CVE Id(s)      : CVE-2010-2542
    Debian bug     : 595728 590026
    
    The Debian stable point release 5.0.6 included updated packages of
    the Git revision control system in order to fix a security issue.
    Unfortunately, the update introduced a regression which could make
    it impossible to clone or create git repositories.  This upgrade
    fixes this regression, which is tracked as Debian bug #595728.
    
    The original security issue allowed an attacker to execute arbitrary
    code if he could trick a local user into executing a git command in a
    crafted working directory (CVE-2010-2542).
    
    For the stable distribution (lenny), this problem has been fixed in
    version 1.5.6.5-3+lenny3.2.
    
    The packages for the hppa architecture are not included in this
    advisory.  However, the hppa architecture is not known to be affected
    by the regression.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), the security issue has been fixed in version 1.7.1-1.1. These
    distributions were not affected by the regression.
    
    We recommend that you upgrade your git-core packages.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 (stable) alias lenny
    -----------------------------------------
    
    Stable updates are available for alpha, amd64, arm, armel, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    