Discover Government News

=========================================================================Ubuntu Security Notice USN-2835-1
December 15, 2015

git vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Git could be made to run programs as your login if it processed an
untrusted repository.

Software Description:
- git: fast, scalable, distributed revision control system

Details:

Blake Burkhart discovered that the Git git-remote-ext helper incorrectly
handled recursive clones of git repositories. A remote attacker could
possibly use this issue to execute arbitrary code by injecting commands
via crafted URLs.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
  git                             1:2.5.0-1ubuntu0.1

Ubuntu 15.04:
  git                             1:2.1.4-2.1ubuntu0.1

Ubuntu 14.04 LTS:
  git                             1:1.9.1-1ubuntu0.2

Ubuntu 12.04 LTS:
  git                             1:1.7.9.5-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2835-1
  CVE-2015-7545

Package Information:
  https://launchpad.net/ubuntu/+source/git/1:2.5.0-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/git/1:2.1.4-2.1ubuntu0.1
  https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/git/1:1.7.9.5-1ubuntu0.2


Ubuntu 2835-1: Git vulnerability

December 15, 2015
Git could be made to run programs as your login if it processed an untrusted repository.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: git 1:2.5.0-1ubuntu0.1 Ubuntu 15.04: git 1:2.1.4-2.1ubuntu0.1 Ubuntu 14.04 LTS: git 1:1.9.1-1ubuntu0.2 Ubuntu 12.04 LTS: git 1:1.7.9.5-1ubuntu0.2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2835-1

CVE-2015-7545

Severity
December 15, 2015

Package Information

https://launchpad.net/ubuntu/+source/git/1:2.5.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/git/1:2.1.4-2.1ubuntu0.1 https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.2 https://launchpad.net/ubuntu/+source/git/1:1.7.9.5-1ubuntu0.2

Related News