Bug 1781953 (CVE-2019-1348)
| Summary: | CVE-2019-1348 git: Arbitrary path overwriting via export-marks in-stream command feature | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aileenc, amahdal, besser82, c.david86, chazlett, chrisw, drieden, ggaughan, hhorak, janstey, jochrist, jorton, jwon, opohorel, pcahyna, pstodulk, sebastian.kisela, tmz |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | git 2.24.1, git 2.23.1, git 2.22.2, git 2.21.1, git 2.20.2, git 2.19.3, git 2.18.2, git 2.17.3, git 2.16.6, git 2.15.4, git 2.14.6 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwrite arbitrary files, but would not have complete control on the content of the file.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-12-19 20:09:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1781955, 1784526, 1784527, 1784528, 1785182, 1785183 | ||
| Bug Blocks: | 1781145 | ||
|
Description
Pedro Sampaio
2019-12-10 23:52:06 UTC
Created git tracking bugs for this issue: Affects: fedora-all [bug 1781955] oss-security mailing list reference: https://www.openwall.com/lists/oss-security/2019/12/13/1 External References: https://github.com/git/git/security/advisories/GHSA-2pw3-gwg9-8pqr Mitigation: Avoid running `git fast-import` on untrusted input. Command `git fast-import` accepts, among other things, the in-stream command `feature export-marks=<path>`, which lets the stream write marks to an arbitrary path. If an attacker can control the input stream, he could overwrite an arbitrary path, though he could not fully control the content of the file because it has a standard format (each line is of the form `:markid SHA-1`). This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:4356 https://access.redhat.com/errata/RHSA-2019:4356 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-1348 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2020:0002 https://access.redhat.com/errata/RHSA-2020:0002 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0228 https://access.redhat.com/errata/RHSA-2020:0228 |