Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2009-051-02
HistoryFeb 20, 2009 - 5:06 p.m.

git

2009-02-2017:06:57
Slackware Linux Project
www.slackware.com
16

0.347 Low

EPSS

Percentile

96.7%

JSON

New git packages are available for Slackware 12.0, 12.1, 12.2, and -current to
fix security issues.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546

There are other security issues related to gitweb, which Slackware does not
ship, but could be added to a Slackware install. These problems are also
fixed with this update. The CVE entries for the gitweb issues may be found
here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5517

Here are the details from the Slackware 12.2 ChangeLog:

patches/packages/git-1.6.1.3-i486-1_slack12.2.tgz: Upgraded to git-1.6.1.3.
This fixes a vulnerability where running git-diff or git-grep on a hostile
git repository would result in the execution of arbirary code as the git user.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546
(* Security fix *)

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/git-1.6.1.3-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/git-1.6.1.3-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/git-1.6.1.3-i486-1_slack12.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/git-1.6.1.3-i486-1.tgz

MD5 signatures:

Slackware 12.0 package:
6c6af465722ff0abd8a796305ad4af21 git-1.6.1.3-i486-1_slack12.0.tgz

Slackware 12.1 package:
362ac15da4f60b84b40b1ee0d4b60890 git-1.6.1.3-i486-1_slack12.1.tgz

Slackware 12.2 package:
0766dc7d31229d4af357931a569cf38a git-1.6.1.3-i486-1_slack12.2.tgz

Slackware -current package:
69183cb0801be615924fc4c870bc9fb8 git-1.6.1.3-i486-1.tgz

Installation instructions:

Upgrade the package as root:
> upgradepkg git-1.6.1.3-i486-1_slack12.2.tgz

Related

openvas 21
nessus 12
ubuntu 1
debian 3
seebug 2
packetstorm 1
exploitpack 1
redhatcve 3
exploitdb 1
gentoo 2
osv 2
prion 3
cve 3
ubuntucve 3
fedora 1
securityvulns 2
openvas
openvas
Slackware Advisory SSA:2009-051-02 git
2012-09-11 00:00:00
Slackware: Security Advisory (SSA:2009-051-02)
2012-09-10 00:00:00
Ubuntu: Security Advisory (USN-723-1)
2009-06-05 00:00:00
nessus
nessus
Slackware 12.0 / 12.1 / 12.2 / current : git (SSA:2009-051-02)
2009-02-23 00:00:00
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : git-core vulnerabilities (USN-723-1)
2009-04-23 00:00:00
GLSA-200903-15 : git: Multiple vulnerabilities
2009-03-10 00:00:00
ubuntu
ubuntu
Git vulnerabilities
2009-02-18 00:00:00
debian
debian
[SECURITY] [DSA 1708-1] New Git packages fix remote code execution
2009-01-19 20:53:42
[SECURITY] [DSA 1637-1] New git-core packages fix buffer overflow
2008-09-15 07:38:47
[SECURITY] [DSA 1637-1] New git-core packages fix buffer overflow
2008-09-15 07:38:47
seebug
seebug
gitWeb v1.5.2 Remote Command Execution
2010-02-19 00:00:00
gitWeb 1.5.2 - Remote Command Execution
2014-07-01 00:00:00
packetstorm
packetstorm
gitWeb 1.x Remote Command Execution
2010-02-19 00:00:00
exploitpack
exploitpack
gitWeb 1.5.2 - Remote Command Execution
2010-02-18 00:00:00
redhatcve
redhatcve
CVE-2008-5517
2019-10-04 20:55:05
CVE-2008-5516
2019-10-04 20:54:58
CVE-2008-3546
2019-10-04 20:24:13
exploitdb
exploitdb
gitWeb 1.5.2 - Remote Command Execution
2010-02-18 00:00:00
gentoo
gentoo
git: Multiple vulnerabilties
2009-03-09 00:00:00
Git: User-assisted execution of arbitrary code
2008-09-25 00:00:00
osv
osv
git-core - remote code execution
2009-01-19 00:00:00
git-core - buffer overflow
2008-09-15 00:00:00
prion
prion
Design/Logic Flaw
2009-01-20 16:30:00
Design/Logic Flaw
2009-01-13 17:00:00
Stack overflow
2008-08-07 21:41:00
cve
cve
CVE-2008-5516
2009-01-20 16:30:00
CVE-2008-5517
2009-01-13 17:00:00
CVE-2008-3546
2008-08-07 21:41:00
ubuntucve
ubuntucve
CVE-2008-5516
2009-01-20 00:00:00
CVE-2008-5517
2009-01-13 00:00:00
CVE-2008-3546
2008-08-07 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: git-1.5.6.5-1.fc9
2008-10-23 16:40:34
securityvulns
securityvulns
git buffer overflow
2008-08-15 00:00:00
rPSA-2008-0253-1 git gitweb
2008-08-15 00:00:00

0.347 Low

EPSS

Percentile

96.7%

JSON
Related for SSA-2009-051-02
openvas21nessus12ubuntu1debian3seebug2packetstorm1exploitpack1redhatcve3exploitdb1gentoo2osv2prion3cve3ubuntucve3fedora1securityvulns2