Important: git

2016-03-24T12:00:00
ID ALAS-2016-672
Type amazon
Reporter Amazon
Modified 2016-03-24T12:00:00

Description

Issue Overview:

An integer truncation flaw (CVE-2016-2315) and an integer overflow flaw (CVE-2016-2324), both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.

Affected Packages:

git

Issue Correction:
Run yum update git to update your system.

New Packages:

i686:  
    git-2.7.4-1.47.amzn1.i686  
    git-svn-2.7.4-1.47.amzn1.i686  
    git-daemon-2.7.4-1.47.amzn1.i686  
    git-debuginfo-2.7.4-1.47.amzn1.i686

noarch:  
    emacs-git-el-2.7.4-1.47.amzn1.noarch  
    git-all-2.7.4-1.47.amzn1.noarch  
    emacs-git-2.7.4-1.47.amzn1.noarch  
    gitweb-2.7.4-1.47.amzn1.noarch  
    git-bzr-2.7.4-1.47.amzn1.noarch  
    git-p4-2.7.4-1.47.amzn1.noarch  
    perl-Git-2.7.4-1.47.amzn1.noarch  
    perl-Git-SVN-2.7.4-1.47.amzn1.noarch  
    git-hg-2.7.4-1.47.amzn1.noarch  
    git-email-2.7.4-1.47.amzn1.noarch  
    git-cvs-2.7.4-1.47.amzn1.noarch

src:  
    git-2.7.4-1.47.amzn1.src

x86_64:  
    git-svn-2.7.4-1.47.amzn1.x86_64  
    git-debuginfo-2.7.4-1.47.amzn1.x86_64  
    git-2.7.4-1.47.amzn1.x86_64  
    git-daemon-2.7.4-1.47.amzn1.x86_64
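
To confirm that hosts picked up the corrected packages, the following added example (not part of the original advisory) flags advisory packages older than the fixed build 2.7.4-1.47.amzn1. It assumes an inventory of "name version-release" lines, such as the output of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, and uses a simplified rpm-style comparison; the function names and sample inventory are constructed for illustration.

```python
import re

# Fixed version-release and package names, from this advisory's "New Packages" list.
FIXED_VR = "2.7.4-1.47.amzn1"
ADVISORY_PACKAGES = {
    "git", "git-svn", "git-daemon", "git-debuginfo", "git-all", "git-bzr",
    "git-p4", "git-hg", "git-email", "git-cvs", "gitweb", "emacs-git",
    "emacs-git-el", "perl-Git", "perl-Git-SVN",
}

def rpmvercmp(a, b):
    """Simplified rpm-style compare of one version or release string.
    Handles digit/letter segments only (no epoch, '~' or '^')."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 47 > 9, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def compare_vr(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(inventory_lines):
    """Return (name, version-release) for advisory packages older than the fix."""
    findings = []
    for line in inventory_lines:
        fields = line.split()
        if len(fields) != 2:
            continue                          # skip malformed inventory lines
        name, vr = fields
        if name in ADVISORY_PACKAGES and compare_vr(vr, FIXED_VR) < 0:
            findings.append((name, vr))
    return findings

# Constructed sample inventory (not real host data).
SAMPLE = ["git 2.4.3-7.43.amzn1", "perl-Git 2.7.4-1.47.amzn1",
          "gitweb 2.10.1-1.50.amzn1", "openssl 1.0.1k-14.89.amzn1",
          "git-daemon 2.7.4-1.9.amzn1"]

if __name__ == "__main__":
    for name, vr in unpatched(SAMPLE):
        print(f"{name} {vr} is older than {FIXED_VR}")
```

The `git-daemon` line in the sample shows why releases must be compared segment by segment: release 1.9 is older than 1.47, although a plain string comparison would rank it newer.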