Advisories » MGASA-2017-0440

Updated git packages fix security vulnerability

Publication date: 01 Dec 2017
Modification date: 01 Dec 2017
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-15298

Description

Git through 2.14.2 mishandles layers of tree objects, which allows
remote attackers to cause a denial of service (memory consumption) via a
crafted repository, aka a Git bomb. This can also have an impact of disk
consumption; however, an affected process typically would not survive
its attempt to build the data structure in memory before writing to disk
(CVE-2017-15298).
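
An added example (not part of this advisory or of Git) showing how a reviewer can measure how far a tree hierarchy expands before checking out an untrusted repository. It assumes the known shape of this issue, where layers of trees each refer to the same child tree many times; the function names, the object ids and the sample listings are constructed for illustration.

```python
import subprocess
from functools import lru_cache

def parse_ls_tree(text):
    """Parse `git ls-tree` output lines: '<mode> <type> <oid> TAB <name>'."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            meta, name = line.split("\t", 1)
            _mode, otype, oid = meta.split()
            entries.append((otype, oid, name))
    return entries

def git_lister(repo):
    """Lister for a real repository (assumes git on PATH; sample does not use it)."""
    def ls(oid):
        return subprocess.run(["git", "-C", repo, "ls-tree", oid], check=True,
                              capture_output=True, text=True).stdout
    return ls

def expansion(lister, root):
    """Return (distinct_trees, expanded_paths) below the tree `root`."""
    # Each distinct tree is listed once and cached, so the cost follows the
    # number of stored objects, not the number of paths a checkout would create.
    @lru_cache(maxsize=None)
    def paths(oid):
        return sum(paths(child) if otype == "tree" else 1
                   for otype, child, _name in parse_ls_tree(lister(oid)))
    total = paths(root)
    return paths.cache_info().currsize, total

def over_budget(lister, root, max_paths=100_000):
    """True when the expanded path count exceeds a reviewer-chosen limit."""
    return expansion(lister, root)[1] > max_paths

def constructed_sample(layers=6, fanout=10):
    """Constructed listings with made-up ids: each layer repeats one child."""
    listings = {}
    for depth in range(layers):
        last = depth == layers - 1
        mode, otype, child = (("100644", "blob", "b0") if last
                              else ("040000", "tree", f"t{depth + 1}"))
        listings[f"t{depth}"] = "".join(
            f"{mode} {otype} {child}\td{i}\n" for i in range(fanout))
    return listings

if __name__ == "__main__":
    sample = constructed_sample()
    print(expansion(sample.__getitem__, "t0"))
```

A large gap between the number of distinct trees and the number of expanded paths is the signal to refuse the checkout; `git_lister(path)` can be passed in place of the sample lookup to run the same check against a bare clone.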
                

References

SRPMS

5/core

6/core