Updated git packages fix security vulnerability
Publication date: 25 Mar 2016
Modification date: 25 Mar 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-2315, CVE-2016-2324
Description
A buffer overflow vulnerability in git could possibly lead to remote code execution. It can be triggered while pushing or cloning a repository with a large filename or a large number of nested trees (CVE-2016-2315, CVE-2016-2324). The git package has been updated to version 2.7.4, which fixes this issue as well as several other bugs. The cgit package bundles git, and its bundled copy of git has also been updated to version 2.7.4.
References
- https://bugs.mageia.org/show_bug.cgi?id=18013
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.4.0.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.5.0.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.0.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.2.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.3.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.4.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.0.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.1.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.2.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.3.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=1317981
- http://openwall.com/lists/oss-security/2016/03/15/5
- http://openwall.com/lists/oss-security/2016/03/16/9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324
SRPMS
5/core
- git-2.7.4-1.mga5
- cgit-0.12-1.2.mga5