Updated git packages fix security vulnerability
Publication date: 01 Dec 2017Modification date: 01 Dec 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-15298
Description
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk (CVE-2017-15298).
References
SRPMS
5/core
- git-2.7.6-1.1.mga5
6/core
- git-2.13.6-1.1.mga6