Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 18.10: USN-3829-1 Critical: Git Code Execution Issue

ubuntu
Calendar Grey November 28, 2018
Dist Ubuntu Esm H88
Tackling vulnerabilities in Git across various Ubuntu iterations with patches and enhancements released.
Several security issues were fixed in Git.

Summary

Several security issues were fixed in Git.

Software Description:

- git: fast, scalable, distributed revision control system

Details:

It was discovered that Git incorrectly handled layers of tree objects.

An attacker could possibly use this issue to cause a denial of service.

This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.

(CVE-2017-15298)

It was discovered that Git incorrectly handled certain inputs.

An attacker could possibly use this issue to execute arbitrary code.

This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10.

(CVE-2018-19486)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  git                             1:2.19.1-1ubuntu1.1

Ubuntu 18.04 LTS:
  git                             1:2.17.1-1ubuntu0.4

Ubuntu 16.04 LTS:
  git                             1:2.7.4-0ubuntu1.6

Ubuntu 14.04 LTS:
  git                             1:1.9.1-1ubuntu0.10

In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-3829-1

  CVE-2017-15298, CVE-2018-19486

Severity
critical
Lowest
Low
Medium
High
Critical

November 27, 2018

Package Information

  https://launchpad.net/ubuntu/+source/git/1:2.19.1-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.4
  https://launchpad.net/ubuntu/+source/git/1:2.7.4-0ubuntu1.6
  https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.10

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here