SecurityTracker.com

Category:   Application (Generic)  >   Git
Vendors:   kernel.org
(CentOS Issues Fix) Git Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1035387
SecurityTracker URL:  http://securitytracker.com/id/1035387
CVE Reference:   CVE-2016-2315, CVE-2016-2324
Date:  Mar 24 2016
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Two vulnerabilities were reported in Git. A remote authenticated user can execute arbitrary code on the target system.

A remote authenticated user can push a specially crafted repository to trigger a heap overflow and execute arbitrary code on the target system [CVE-2016-2315].

Lael Cellier (@ytrezq) reported this vulnerability.

A remote authenticated user can push or clone a specially crafted repository to potentially execute arbitrary code on the target system [CVE-2016-2324].

Impact:   A remote authenticated user can execute arbitrary code on the target system.
Solution:   CentOS has issued a fix.


Cause:   Boundary error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Mar 16 2016 Git Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0496 Important CentOS 7 git Security Update


CentOS Errata and Security Advisory 2016:0496 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0496.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
