Sicherheit: Ausführen beliebiger Kommandos in Git

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============3315175638461334522==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="WP9mIKukByuH48U0cbxdQhePjsdaEacs0"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--WP9mIKukByuH48U0cbxdQhePjsdaEacs0
Content-Type: multipart/mixed;
boundary="K5uu9rHa0sTxw75AxHqyF8OEJTN8bjHGO";
protected-headers="v1"
From: Spyros Seimenis <spyros.seimenis@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <5d2fe1aa-716b-fa46-e945-38db8ac11923@canonical.com>
Subject: [USN-5076-1] Git vulnerability

--K5uu9rHa0sTxw75AxHqyF8OEJTN8bjHGO
Content-Type: text/plain; charset=utf-8; format=flowe
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US

==========================================================================
Ubuntu Security Notice USN-5076-1
September 13, 2021

git vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Git incorrectly handled certain repository paths.

Software Description:
- git: fast, scalable, distributed revision control system

Details:

It was discovered that Git allowed newline characters in
certain repository paths. An attacker could potentially use this issue
to perform
cross-protocol requests.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
git 1:2.25.1-1ubuntu3.2

Ubuntu 18.04 LTS:
git 1:2.17.1-1ubuntu0.9

Ubuntu 16.04 ESM:
git 1:2.7.4-0ubuntu1.10+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5076-1
CVE-2021-40330

Package Information:
https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.2
https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.9

--K5uu9rHa0sTxw75AxHqyF8OEJTN8bjHGO--

--WP9mIKukByuH48U0cbxdQhePjsdaEacs0
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEE7RuHJXHViR7WJKbsGvpV6qjR/CAFAmE/ay0FAwAAAAAACgkQGvpV6qjR/CBy
+w//b+L5t1WAMiYCiXmjrYIIV9RboNuf9ycRd1ppte3k0jV/NkBBLvUfG1ajQKzHparhe6yEmceX
51B9JsnH2DJ4S+uzDYmRCMYZddKQCdDv1heeCm0XannHYVBV6sp1MFweOtAK6Zb8BucUKtADZLaA
jwExRKwEmR3vxfbWyyfF7xH5El9ssWeI6sv4VyEREE1i6iL3irG3v0eZHDJwLQ8e1HhiNpOPQyDa
bymm4icwD+EVOlaOWDCKdmoplesIF7n/n4N7y7TkqFoObwRDHIUEiq7Rs00h+AhuEnke9l8cmWiH
1GKX5AmMMDIaqLjJwdF90ekGmN8brGhomZRImAGkiwXgSVLvZy0VwcQGUyQtrsVDISK+u4w4AB1F
A4g/phzHjD5Lm+1OpZLfPlgicuzGc8HBzEf5SAEAhplsXdBjzO6kypLd9CzW1ppI+krr9C2yw7M8
h2mGRfUIuGBP0XOPKXc9yxFNzAyFgpkvrgzWxknNT6q8DKujuuzPYc114h+LFrtR/UjC6RZUvWun
5WByvuzpZvtu4ndyXgDXuz00QUf/+PygaVBDGBxwZGVI4uDmlr6I/i/1sVM1IW9qnPu0M4Oql4X+
W/Ym9lTR1TJ74y+/zwVXKjcMCTa6p/dqWeHyWMdU+2IZpGdkcD4mZiG0c4KO3paDluv1aSyKaDaZ
DQ0=
=S4cG
-----END PGP SIGNATURE-----

--WP9mIKukByuH48U0cbxdQhePjsdaEacs0--

--===============3315175638461334522==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============3315175638461334522==--