Pardus: 2010-103: Git: Arbitrary Code Execution

Posted by Benjamin D. Thomas

A vulnerability has been fixed in Git which can be exploited by malicious people to execute arbitrary code

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-103           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-08-09
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
======
A vulnerability has been  fixed  in  Git  which  can  be  exploited  by
malicious people to execute arbitrary code


Description
==========
An exploitable buffer overrun was fixed in git. In  particular,  if  an
attacker were to create a crafted working copy where the user runs  any
git command, the attacker could force execution of arbitrary code.


Affected packages:

  Pardus 2009:
    git, all before 1.7.2.1-92-15


Resolution
=========
There are update(s) for git. You can update them via Package Manager or
with a single command from console:

    pisi up git

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id898
  * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2542

------------------------------------------------------------------------