Sicherheit: Mehrere Probleme in Git

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1826953037885213976==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="9xu41lKnskxuXEK1OGve8F0fVNheXdEmd"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--9xu41lKnskxuXEK1OGve8F0fVNheXdEmd
Content-Type: multipart/mixed;
boundary="wCEuBefZkbhChpbAy2pPH96wC1RKRLjAW"

--wCEuBefZkbhChpbAy2pPH96wC1RKRLjAW
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4220-1
December 10, 2019

git vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Git.

Software Description:
- git: fast, scalable, distributed revision control system

Details:

Joern Schneeweisz and Nicolas Joly discovered that Git contained various
security flaws. An attacker could possibly use these issues to overwrite
arbitrary paths, execute arbitrary code, and overwrite files in the .git
directory.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
git 1:2.20.1-2ubuntu1.19.10.1

Ubuntu 19.04:
git 1:2.20.1-2ubuntu1.19.04.1

Ubuntu 18.04 LTS:
git 1:2.17.1-1ubuntu0.5

Ubuntu 16.04 LTS:
git 1:2.7.4-0ubuntu1.7

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4220-1
CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351,
CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, CVE-2019-1387,
CVE-2019-19604

Package Information:
https://launchpad.net/ubuntu/+source/git/1:2.20.1-2ubuntu1.19.10.1
https://launchpad.net/ubuntu/+source/git/1:2.20.1-2ubuntu1.19.04.1
https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.5
https://launchpad.net/ubuntu/+source/git/1:2.7.4-0ubuntu1.7

--wCEuBefZkbhChpbAy2pPH96wC1RKRLjAW--

--9xu41lKnskxuXEK1OGve8F0fVNheXdEmd
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl3v998ACgkQZWnYVadE
vpMLRg/8DUwOuccLWambDOSrTe2PBq6YL5JCFYaZE4X7a3HGfhsw8mbILEMjWEsl
9q1pWyYsW/2gl8nEN/oAp1M2/Kp8M5f5gLC/LI2aT+handKJAAy5a3ExkW/HCWEg
xJuoIAS4ijDE6VUoxQGXmSSNfoq0HE4PuFOBhHWBtaGPy+eGf5rbjQ8KpwwChiOO
aKpmmPnLoW8U6Oqx89xkWYrgt5lQvoimQfopAv31Oa++gJKjl6no1mcRgGHLKYx8
HZ4ZInLPyTDSlmYJz+VZ7zLyRr8+ZIrwQIMhKdrUAlN3UobB9o6AzrUgyw6BaGMK
SrKSf8PJeNv5bOkmAbbYBz8iahVSUijN5HgFMTfSbHo6V0RclU0gGqjUg/6b7t4k
brjCcH6WYBJO0/nk5owdR/hrqQZppXdAONSHX1B/G63kd71zPiCq283SHUUR07Gw
rcQIMdwUWUUSgfInN36g6nyDGMLydAAbk+bE3OocEouWNKTblvYwmb0yNbGzKUtL
fKqjfYrmVUq4qjhOSe90AcPbOSkjaFH3nI1OSd9uxTpmEyvxB/1TH3WNcYDQoZuo
Af30bitlIUqYu2ny27b9K4WeAfzE/baW+uklLT7BTz8hXR6zYsVJ253Q5ndQTbkq
TnThOrrt4q/WAMqDGqmG93R4mFBMsZRaohFZfe0VsesuNOU6QEk=
=xJvk
-----END PGP SIGNATURE-----

--9xu41lKnskxuXEK1OGve8F0fVNheXdEmd--

--===============1826953037885213976==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============1826953037885213976==--