USN-3791-1: Git vulnerability

12 October 2018

Git could be made to run programs as your login if it recursively opened a malicious git repository.

Releases

Packages

  • git - fast, scalable, distributed revision control system

Details

It was discovered that git did not properly validate git submodule
urls or paths. A remote attacker could possibly use this to craft a
git repository that causes arbitrary code execution when recursive
operations are used.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04
Ubuntu 16.04
Ubuntu 14.04

In general, a standard system update will make all the necessary changes.

References