Secunia reports: Some vulnerabilities have been reported in GIT, which can potentially be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors in various functions when processing overly long repository pathnames. These can be exploited to cause stack-based buffer overflows by tricking a user into running e.g. "git-diff" or "git-grep" against a repository containing pathnames that are larger than the "PATH_MAX" value on the user's system. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in version 1.5.6.3. Prior versions may also be affected.
Solution: Update to version 1.5.6.4.
Upstream patch: http://kerneltrap.org/mailarchive/git/2008/7/16/2529284
References:
http://secunia.com/advisories/31347/
http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt
Looking at the patch, the problem that was addressed was:
    char concatpath[PATH_MAX];
    sprintf(concatpath, "%s%s", base, path);
However, this overflow is caught by FORTIFY_SOURCE. RPMs are compiled with -D_FORTIFY_SOURCE=2 on Red Hat Enterprise Linux 5 and later. So on all current Fedora versions and EPEL5, the overflow is detected before it happens and command execution is terminated. EPEL4 does not seem to use FORTIFY_SOURCE by default, so this can only be a concern there. On Fedora, this is only a DoS, but I don't think such a DoS needs to be treated as security sensitive.
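Added example, not code from the bug thread or from git itself: the quoted sprintf pattern is shown only in a comment, next to two replacements that carry the length check it lacked, a bounded snprintf variant that refuses input that would not fit, and a heap-allocating variant sized from the real string lengths. DEMO_PATH_MAX and the sample pathnames are constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for PATH_MAX (hypothetical, kept small so the
 * "pathname longer than the buffer" case is easy to exercise). */
#define DEMO_PATH_MAX 16

/* The pattern quoted in the bug, for reference only (never executed here):
 *   char concatpath[PATH_MAX];
 *   sprintf(concatpath, "%s%s", base, path);   // no length check at all
 */

/* Bounded version: write base+path into dst, which holds dstsz bytes.
 * Returns the resulting length, or -1 (dst reset to "") when base+path
 * plus the terminating NUL would not fit. snprintf reports the length it
 * *would* have written, so comparing that with dstsz is the missing check. */
int concat_path_bounded(char *dst, size_t dstsz, const char *base, const char *path)
{
    int needed;

    if (dstsz == 0)
        return -1;
    needed = snprintf(dst, dstsz, "%s%s", base, path);
    if (needed < 0 || (size_t)needed >= dstsz) {
        dst[0] = '\0';   /* do not let a truncated path be used */
        return -1;
    }
    return needed;
}

/* Unbounded version: size the buffer from the actual lengths instead of
 * assuming PATH_MAX. Caller frees the result; NULL on allocation failure. */
char *concat_path_alloc(const char *base, const char *path)
{
    size_t blen = strlen(base), plen = strlen(path);
    char *out = malloc(blen + plen + 1);

    if (!out)
        return NULL;
    memcpy(out, base, blen);
    memcpy(out + blen, path, plen + 1);   /* copies the NUL as well */
    return out;
}

int main(void)
{
    char buf[DEMO_PATH_MAX];
    const char *longpath = "a_file_name_longer_than_the_buffer.c";   /* constructed */
    char *heap = concat_path_alloc("subdir/", longpath);

    printf("short: %d\n", concat_path_bounded(buf, sizeof buf, "subdir/", "x.c"));
    printf("long:  %d\n", concat_path_bounded(buf, sizeof buf, "subdir/", longpath));
    printf("alloc: %s\n", heap ? heap : "(null)");
    free(heap);
    return 0;
}
```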
http://git.kernel.org/?p=git/git.git;a=commitdiff;h=fd55a19eb1d49ae54008d932a65f79cd6fda45c9
CVE id CVE-2008-3546 was assigned to this issue: Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.
Nico Golde pointed out two more related changesets: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=f66cf96 http://git.kernel.org/?p=git/git.git;a=commitdiff;h=620e2bb
git-1.5.6.5-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/git-1.5.6.5-1.fc9
git-1.5.6.5-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.