USN-2938-1: Git vulnerabilities

21 March 2016

Git could be made to crash or run programs as your login if it received changes from a specially crafted remote repository.

Releases

Packages

  • git - fast, scalable, distributed revision control system

Details

Laƫl Cellier discovered that Git incorrectly handled path strings in
crafted Git repositories. A remote attacker could use this issue to cause
a denial of service or possibly execute arbitrary code with the
privileges of the user invoking Git. (CVE-2016-2315, CVE-2016-2324)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10
Ubuntu 14.04
Ubuntu 12.04

In general, a standard system update will make all the necessary changes.