Bug 617422 - git-core: upstream fix for buffer overrun (CVE-2010-2542)
git-core: upstream fix for buffer overrun (CVE-2010-2542)
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: git-core (Show other bugs)
13
All Linux
low Severity high
: ---
: ---
Assigned To: Adam Tkac
Fedora Extras Quality Assurance
:
Depends On:
Blocks: CVE-2010-2542
  Show dependency treegraph
 
Reported: 2010-07-22 21:48 EDT by Greg Brockman
Modified: 2013-04-30 19:46 EDT (History)
4 users (show)

See Also:
Fixed In Version: git-1.7.2-1.fc13
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-07-27 08:28:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Greg Brockman 2010-07-22 21:48:47 EDT
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3

A fix for an exploitable buffer overrun (CVE-2010-2542, per [1]) was committed to git in [2]. In particular, if an attacker were to create a crafted working copy where the user runs any git command, the attacker could force execution of arbitrary code.

This attack should be mitigated to a denial of service if git is compiled with appropriate stack-protecting flags, as is the case on Fedora.

This buffer overrun was introduced in [3], which first appeared in v1.5.6, and is fixed in v1.7.2.

[1] http://seclists.org/oss-sec/2010/q3/93
[2] http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc
[3] http://git.kernel.org/?p=git/git.git;a=commit;h=b44ebb19e3234c5dffe9869ceac5408bb44c2e20

Reproducible: Always
Comment 1 Jan Lieskovsky 2010-07-26 03:08:36 EDT
This issue has been addressed in the current versions of the git
package, present in Fedora -testing repository (git-1.7.2-1.fc1{2,3,4}).
Comment 2 Adam Tkac 2010-07-27 08:28:23 EDT
Fixed in git-1.7.2-1.fc13.

Note You need to log in before you can comment on or make changes to this bug.