You are here
Home > Preporuke > Sigurnosni propust programskog paketa git

Sigurnosni propust programskog paketa git

  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2835-1
December 15, 2015

git vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 15.10
– Ubuntu 15.04
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

Git could be made to run programs as your login if it processed an
untrusted repository.

Software Description:
– git: fast, scalable, distributed revision control system

Details:

Blake Burkhart discovered that the Git git-remote-ext helper incorrectly
handled recursive clones of git repositories. A remote attacker could
possibly use this issue to execute arbitrary code by injecting commands
via crafted URLs.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
git 1:2.5.0-1ubuntu0.1

Ubuntu 15.04:
git 1:2.1.4-2.1ubuntu0.1

Ubuntu 14.04 LTS:
git 1:1.9.1-1ubuntu0.2

Ubuntu 12.04 LTS:
git 1:1.7.9.5-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2835-1
CVE-2015-7545

Package Information:
https://launchpad.net/ubuntu/+source/git/1:2.5.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/git/1:2.1.4-2.1ubuntu0.1
https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.2
https://launchpad.net/ubuntu/+source/git/1:1.7.9.5-1ubuntu0.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJWcHEPAAoJEGVp2FWnRL6T5VIP/jdbJHrvk9wjrlpmZCmVWyEy
g7KbRsFlvyHW3c498vO5Sv7zvOkf3eAQSGiiS4d2rjZtFZGM5pGNIvZOivqNA2Mx
wOcJsPjjN7LitUMlFa1TuNNjvaIJlqBrnV9DTyi+apaT5N4YtI+7i9n78E/QtKgh
PzKhtnOEgraWPZ3XP6GDE3OJ7b4WIKukrrikWtgrE0gA1NWugzK+Ph5U1npzqi6W
LfUaMC34mBNm09QeiRj32Q5h1r5bW9yfoQDz7xSfe4iprFtD8LQNDKLHjhkc+oS6
ILpGJwze5mHJFtIHplSBNF3yQ2zgoGh/lUcqEwiwS29/heICt9+T8+oHKfxah+QX
55UHdhsJlCf/RB8EFhKe5tHHJ5/cSeQWLkOPYNg9YSQ3Z9QQowenTn2msvKWuTxa
ZK5OfztSjduxVnUpBZI+O+bIfcGH5Amj1h5/fxUHAQJ70fxftNluvTAQrXHvGpm1
0ogAl+cTckFcsoUFNC5f3ZKLLvhyrfx1QUu9w7qdrMfMpWStDHXXjARJynXD0G0M
J3FhGWh/VKwcViu1fB6++LxM68P97CFlwJhNmzvS+K8vr6MCRbs8OFPME57X438J
aDVPPqI61Mg52hNJkt+0SdP2LINbD8iFzMdQz5nWkCXrZ6MwB5RpkQrhRRGVgh+F
U8WPHDLlFJEAj6asSemu
=ibZr
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2015-12-0003-ADV
CveCVE-2015-7545
ID izvornikaUSN-2835-1
Proizvodgit
Izvorhttp://www.ubuntu.com
Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci u jezgri operacijskog sustava Red Hat Enterprise Linux 6. Otkriveni nedostaci potencijalnim napadačima omogućuju stjecanje uvećanih...

Close