1. Ubuntu Security Notices
  2. USN-3671-1

USN-3671-1: Git vulnerabilities

Publication date

5 June 2018

Overview

Several security issues were fixed in Git.

Releases

Packages

  • git - fast, scalable, distributed revision control system

Details

Etienne Stalmans discovered that git did not properly validate git
submodules files. A remote attacker could possibly use this to craft a
git repo that causes arbitrary code execution when “git clone
--recurse-submodules” is used. (CVE-2018-11235)

It was discovered that an integer overflow existed in git’s pathname
consistency checking code when used on NTFS filesystems. An attacker could
use this to cause a denial of service or expose sensitive information.
(CVE-2018-11233)

Etienne Stalmans discovered that git did not properly validate git
submodules files. A remote attacker could possibly use this to craft a
git repo that causes arbitrary code execution when “git clone
--recurse-submodules” is used. (CVE-2018-11235)

It was discovered that an integer overflow existed in git’s pathname
consistency checking code when used on NTFS filesystems. An attacker could
use this to cause a denial of service or expose sensitive information.
(CVE-2018-11233)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
18.04 bionic git –  1:2.17.1-1ubuntu0.1
17.10 artful git –  1:2.14.1-1ubuntu4.1
16.04 xenial git –  1:2.7.4-0ubuntu1.4
14.04 trusty git –  1:1.9.1-1ubuntu0.8

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›