Bug 477523 (CVE-2008-5916)

Summary: git: gitweb local privilege escalation
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bkearney, chrisw, jwboyer, tmz
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-01-12 14:16:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Tomas Hoger 2008-12-21 15:13:08 UTC
Git upstream released new maintenance releases fixing local privilege escalation flaw in gitweb.  Quoting upstream announcement:

  Current gitweb has a possible local privilege escalation bug that allows a
  malicious repository owner to run a command of his choice by specifying
  diff.external configuration variable in his repository and running a
  crafted gitweb query.

  Recent (post 1.4.3) gitweb itself never generates a link that would result
  in such a query, and the safest and cleanest fix to this issue is to
  simply drop the support for it.

http://article.gmane.org/gmane.comp.version-control.git/103624

Fixed upstream in: v1.6.0.6, v1.5.6.6, v1.5.5.6 and v1.5.4.7

Comment 1 Fedora Update System 2008-12-21 23:39:37 UTC
git-1.5.6.6-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 2 Fedora Update System 2008-12-21 23:39:47 UTC
git-1.5.4.3-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 3 Fedora Update System 2008-12-21 23:41:21 UTC
git-1.6.0.6-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.