USN-3791-1: Git vulnerability
12 October 2018
Git could be made to run programs as your login if it recursively opened a malicious git repository.
Releases
Packages
- git - fast, scalable, distributed revision control system
Details
It was discovered that git did not properly validate git submodule
urls or paths. A remote attacker could possibly use this to craft a
git repository that causes arbitrary code execution when recursive
operations are used.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
Ubuntu 16.04
Ubuntu 14.04
In general, a standard system update will make all the necessary changes.