USN-2938-1 Git vulnerabilities
Severity
High
Vendor
Ubuntu, Git
Versions Affected
- All Git versions prior to 2.7.4
Description
Git could be made to crash or run programs as your login if it received changes from a specially crafted remote repository.
Laël Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git. (CVE-2016-2315, CVE-2016-2324)
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- All versions of Pivotal Elastic Runtime
Mitigation
Users of affected versions should apply the following mitigation:
- Upgrade Pivotal Elastic Runtime 1.5.x versions to 1.5.18 or later, or 1.6.x versions to 1.6.19 or later
Credit
Laël Cellier