In association with heise online

07 August 2008, 10:48

Security Update for the Git version management tool

The free distributed version management system Git has several weaknesses that could allow an attacker to compromise a Git repository. The problem occurs when path names in the repository are longer than the system-defined PATH_MAX value. The overflows occur in the diff_change and diff_addremove functions when they call out to the git-diff and grep commands. The flaw is sufficient to allow code on the stack to be executed or to lock the repository, but the attacker has to obtain repository access first.

The problem is reported as affecting version 1.5.6.3, but it is very likely that it also affects previous versions. Version 1.5.6.4 fixes this error, along with other bug fixes. Git is the preferred source code control system of the Linux kernel developers, the Git project having been originally created by Linus Torvalds himself. Since this fix, the Git project has released version 1.5.6.5, which deals with non-security issues.
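The bug class described above, a path longer than PATH_MAX copied into a fixed-size stack buffer, is shown here as an added example that is not Git's source code and not part of the original article. The function names `join_path_checked` and `accepts_name_of_length`, the `dir/` prefix and the generated file names are assumptions made for the illustration.

```c
/* Added illustration; not Git's source. All names here are hypothetical. */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Unsafe pattern, shown only as a comment: a PATH_MAX stack buffer filled
 * without checking the combined length of its parts.
 *     char buf[PATH_MAX];
 *     strcpy(buf, base);
 *     strcat(buf, name);      // writes past buf when base+name is too long
 */

/* Hardened form: check that base + name + NUL fits before copying.
 * Returns the joined length, or -1 if the result would not fit. */
long join_path_checked(char *out, size_t outsz, const char *base, const char *name)
{
    size_t blen = strlen(base), nlen = strlen(name);
    if (outsz == 0 || blen >= outsz || nlen >= outsz - blen)
        return -1;                      /* reject instead of truncating */
    memcpy(out, base, blen);
    memcpy(out + blen, name, nlen + 1); /* +1 copies the terminating NUL */
    return (long)(blen + nlen);
}

/* Joins "dir/" with a constructed name of `len` bytes into a PATH_MAX
 * buffer. Returns 1 if accepted, 0 if rejected, -1 on allocation failure. */
int accepts_name_of_length(size_t len)
{
    char buf[PATH_MAX];
    char *name = malloc(len + 1);
    if (!name)
        return -1;
    memset(name, 'a', len);             /* constructed sample input */
    name[len] = '\0';
    long r = join_path_checked(buf, sizeof buf, "dir/", name);
    free(name);
    return r >= 0;
}

int main(void)
{
    printf("PATH_MAX-5 byte name accepted: %d\n", accepts_name_of_length(PATH_MAX - 5));
    printf("PATH_MAX-4 byte name accepted: %d\n", accepts_name_of_length(PATH_MAX - 4));
    return 0;
}
```

The caller has to treat the -1 result as an error and stop processing that entry; silently truncating the path would make the tool operate on a different file than the one named in the repository.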

(djwm)

Permalink: http://h-online.com/-736787