Bug 505761 (CVE-2009-2108)
Summary: | CVE-2009-2108 git daemon Denial of Service with unknown "extra arg" information | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Todd Zullinger <tmz> |
Component: | git | Assignee: | Todd Zullinger <tmz> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | bkearney, bressers, chrisw, jwboyer, tmz |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 1.6.0.6-4.fc10 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-06-24 19:17:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Todd Zullinger
2009-06-13 15:34:31 UTC
CVE-2009-2108: git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. git-1.6.2.5-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/git-1.6.2.5-1.fc11 git-1.6.0.6-4.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/git-1.6.0.6-4.fc10 git-1.6.0.6-4.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/git-1.6.0.6-4.fc9 git-1.6.0.6-4.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. git-1.6.2.5-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. git-1.6.0.6-4.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. |