USN-2938-1 Git vulnerabilities


Severity

High

Vendor

Ubuntu, Git

Versions Affected

  • All Git versions prior to 2.7.4

Description

Git could be made to crash or run programs as your login if it received changes from a specially crafted remote repository.

Laël Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git. (CVE-2016-2315, CVE-2016-2324)

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • All versions of Pivotal Elastic Runtime

Mitigation

Users of affected versions should apply the following mitigation:

  • Upgrade Pivotal Elastic Runtime 1.5.x versions to 1.5.18 or later OR 1.6.x versions to 1.6.19 or later
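
A version check against the thresholds stated in this advisory, as an added example that is not part of the original advisory or of any Git or Pivotal tooling. The function names are hypothetical and the sample version strings in the comments are constructed.

```python
import re

# Thresholds taken from the advisory text above.
GIT_FIXED = (2, 7, 4)
ERT_FIXED = {(1, 5): (1, 5, 18), (1, 6): (1, 6, 19)}


def parse_version(text):
    """Return the first dotted numeric version in text as a 3-tuple of ints.

    Accepts `git --version` style output (constructed sample:
    "git version 2.5.0.windows.1"); a missing third component counts as 0.
    """
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p or 0) for p in m.groups())


def git_affected(version_output):
    """True when the reported upstream Git version is older than 2.7.4."""
    # Tuple comparison is numeric, so 2.10.0 is correctly newer than 2.7.4.
    return parse_version(version_output) < GIT_FIXED


def elastic_runtime_status(version):
    """Classify an Elastic Runtime version against the fixed releases."""
    v = parse_version(version)
    fixed = ERT_FIXED.get(v[:2])
    if fixed is None:
        # The advisory lists all versions as affected but names fixed
        # releases only for the 1.5.x and 1.6.x branches.
        return "affected: no fixed release listed for this branch"
    if v < fixed:
        return "affected: upgrade to " + ".".join(map(str, fixed)) + " or later"
    return "fixed"


if __name__ == "__main__":
    import subprocess
    out = subprocess.run(["git", "--version"],
                         capture_output=True, text=True).stdout
    print(out.strip(), "->", "affected" if git_affected(out) else "not affected")
```

Distribution packages that backport a fix keep an older upstream version number, so a distro-packaged Git reported as affected here should be confirmed against the package changelog.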

Credit

Laël Cellier
