USN-4761-1: Git vulnerability

09 March 2021

Git could be made to run programs if it received specially crafted network traffic.

Releases

Packages

  • git - fast, scalable, distributed revision control system

Details

Matheus Tavares discovered that Git incorrectly handled delay-capable
clean/smudge filters when being used on case-insensitive filesystems. A
remote attacker could possibly use this issue to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References