------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-88 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2008-12-23
Severity: 2
Type: Local
------------------------------------------------------------------------
Summary
=======
A security issue has been reported in GIT, which can be exploited by
malicious, local users to gain escalated privileges.
Description
===========
The security issue is caused by the "gitweb" implementation
improperly verifying repository configuration variables. This can be
exploited to execute arbitrary commands with the privileges of the
"gitweb" user via a specially crafted "diff.external" configuration
variable.
Affected packages:
  Pardus 2008:
    git, all before 1.6.0.6-74-11
    git-emacs, all before 1.6.0.6-74-11
    gitweb, all before 1.6.0.6-74-11
Resolution
==========
There are update(s) for git, git-emacs, gitweb. You can update them via
Package Manager or with a single command from console:
pisi up git git-emacs gitweb
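A defensive check related to the Description above, added here as an example and not part of the Pardus advisory or of git: it lists repositories under a directory served by gitweb whose own config file sets "diff.external", so an administrator can review them. The function names, the sample config and the wrapper path in it are constructed for illustration, and the directory to scan is passed as the first argument.

```python
import os
import re
import sys

# [section] or [section "subsection"], optionally followed by "key = value".
HEADER = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]\s*(.*)$')

# Constructed sample of a repository config file (not taken from the advisory).
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tbare = true
; constructed value, for illustration only
[diff]
\texternal = /usr/local/bin/example-diff-wrapper
"""

def diff_external_values(config_text):
    """Return every value assigned to diff.external in git config text."""
    values, section = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            # Section names are case-insensitive; [diff "x"] is a different key.
            section = (header.group(1).lower(), header.group(2))
            line = header.group(3).strip()  # a key may follow the header
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if section == ("diff", None) and key.strip().lower() == "external":
            values.append(value.strip().strip('"') if sep else "")
    return values

def audit_project_root(root):
    """Map each repository config file under root to its diff.external values."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # A git directory holds HEAD, config and objects/ (bare repo or .git).
        if {"HEAD", "config"} <= set(filenames) and "objects" in dirnames:
            path = os.path.join(dirpath, "config")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = diff_external_values(fh.read())
            if hits:
                findings[path] = hits
            dirnames[:] = []  # do not descend into the repository itself
    return findings

if __name__ == "__main__":
    for path, hits in sorted(audit_project_root(sys.argv[1]).items()):
        print(f"{path}: diff.external = {hits}")
```

Any repository it reports deserves a look at who can write to its config file and why the setting is there.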
References
==========
* http://article.gmane.org/gmane.comp.version-control.git/103
* http://secunia.com/Advisories/33270/
------------------------------------------------------------------------
--
Pardus Security Team
http://security.pardus.org.tr