USN-2835-1 git vulnerability


Severity

Medium

Vendor

git

Versions Affected
  • Ubuntu 14.04
Description

Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs.

The Cloud Foundry project released a new Cloud Foundry rootfs, cflinuxfs2 v.1.23.0, that has the patches.

Pivotal is releasing an updated version of Pivotal Cloud Foundry Suite which references this patched CF rootfs.

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs2 prior to v.1.23.0.
  • Pivotal Cloud Foundry Elastic Runtime versions prior to 1.6.9.
Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.23.0 or later versions.
  • Pivotal recommends that customers upgrade to 1.6.9 or later versions of Pivotal Cloud Foundry Elastic Runtime.
Credit

Blake Burkhart

References