Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Git
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Git
ID: USN-2938-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 15.10
Datum: Di, 22. März 2016, 07:24
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324
Applikationen: Git

Originalnachricht


--===============7338680592545789514==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="G4iJoqBmSsgzjUCe"
Content-Disposition: inline


--G4iJoqBmSsgzjUCe
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inlin
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2938-1
March 21, 2016

git vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Git could be made to crash or run programs as your login if it received
changes from a specially crafted remote repository.

Software Description:
- git: fast, scalable, distributed revision control system

Details:

Laël Cellier discovered that Git incorrectly handled path strings in
crafted Git repositories. A remote attacker could use this issue to cause
a denial of service or possibly execute arbitrary code with the
privileges of the user invoking Git. (CVE-2016-2315, CVE-2016-2324)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
git 1:2.5.0-1ubuntu0.2

Ubuntu 14.04 LTS:
git 1:1.9.1-1ubuntu0.3

Ubuntu 12.04 LTS:
git 1:1.7.9.5-1ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2938-1
CVE-2016-2315, CVE-2016-2324

Package Information:
https://launchpad.net/ubuntu/+source/git/1:2.5.0-1ubuntu0.2
https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.3
https://launchpad.net/ubuntu/+source/git/1:1.7.9.5-1ubuntu0.3


--G4iJoqBmSsgzjUCe
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJW8E/7AAoJENaSAD2qAscKwvgP/jcksh+QTZjp7UKsR2NQRZQm
WIDIMfU51zh0kKE7FC3oDeW6aNqylI8AdxaaVI+yOjDg2E/Bl6qoGWwsK8MMoxek
Uv39NYCYuKqOMpLcBJGWXh35k7wXiLFfxO8Z45R6IQLEwPZ2ddEQKZSTib0vwn8B
xFvxNGd6P26Mw5idmS1FMrwT3QJyV3zD5JnvuGYZGsqOjMpjFDeSgS2EVMeQdTY1
dFJIabThWZuUIMeM6BzkfLZsnzYANtHcMP/qUHiT2FpnXRiZP5goPhwSl/B5erJK
o28nNUAG1ZX3IFc4BeVriyooeFPFUFg8aXXBiAhlX1eWwCQhfqtMhH+cvYXRf32E
rbOGiigm1nm3/uJ4XdLBWK1milHEMntsHNPdkyMfVhJIUwZO3l8aQWM3ztoZj9xp
NKaMepBja9WyWSeRMcLL2deYI/+6h/VJy7NB7Jmv0lviX+i/6D/QaaFabnx9Us4K
/Y3YEuP6HaHrO1Cy23Hwl/LbuyywkNtFaDDyveZYxtZOIWQ0Hsl/QyBTIGDPSWps
sTQyXRAZHBio7I7EmEV9hnjhUfauYfJFbg4x3RzM1IEhdXBNKjaVsfhSxsEBAt2R
/Kk3BK9cmEaqk+BCS4XsWNpDfAAS1eorry5hBxPS7y/bMh3FnNJLA+eF6HEPYFpT
lbgpcJYmCkH+vS2Bo9kT
=l6Fq
-----END PGP SIGNATURE-----

--G4iJoqBmSsgzjUCe--


--===============7338680592545789514==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============7338680592545789514==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung