Security Update for the Git version management tool
The free distributed version management system Git has several weaknesses that could allow an attacker to compromise a Git repository. The problem occurs when path names in the repository are longer than the system-defined PATH_MAX value. The overflows occur in the diff_addremove when they call out to the rep commands. The flaw is sufficient to allow code on the stack to be executed or to lock the repository, but the attacker has to obtain repository access first.
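The class of bug described above is a path copied into a fixed PATH_MAX-sized stack buffer without a length check. The following added example (not Git's code, and not taken from the fix) shows the defensive form; the function names `copy_repo_path`, `join_repo_path` and `try_length` are hypothetical, and the test paths are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096 /* assumption: fallback where the platform omits it */
#endif

/* Copy a path into a PATH_MAX buffer. Returns 0 on success, -1 if the path
 * plus its NUL terminator does not fit. An unchecked strcpy() here is the
 * overflow pattern; on failure dst is left empty, never truncated. */
int copy_repo_path(char *dst, const char *src)
{
    size_t len = strlen(src);
    if (len >= PATH_MAX) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Join prefix and name with '/'. snprintf() bounds the write, and its
 * return value tells us whether the full result would have fit. */
int join_repo_path(char *dst, const char *prefix, const char *name)
{
    int n = snprintf(dst, PATH_MAX, "%s/%s", prefix, name);
    if (n < 0 || (size_t)n >= PATH_MAX) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed input: a path of exactly len characters, copied into a
 * stack buffer the way a diff routine might hold a file name. */
int try_length(size_t len)
{
    static char big[PATH_MAX * 2 + 1];
    char buf[PATH_MAX];
    if (len > (size_t)PATH_MAX * 2)
        return -2;
    memset(big, 'a', len);
    big[len] = '\0';
    return copy_repo_path(buf, big);
}
```

A path of PATH_MAX - 1 characters is the longest that is accepted; anything longer is rejected instead of being written past the end of the buffer.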
The problem is reported as affecting version 220.127.116.11, but it very likely affects previous versions as well. Version 18.104.22.168 fixes this error, along with other bugs. Git is the preferred source code control system of the Linux kernel developers, the Git project having originally been created by Linus Torvalds himself. Since this fix, the Git project has released version 22.214.171.124, which deals with non-security issues.