Lucene search

K
slackwareSlackware Linux ProjectSSA-2021-070-01
HistoryMar 12, 2021 - 2:43 a.m.

[slackware-security] git

2021-03-1202:43:49
Slackware Linux Project
www.slackware.com
66

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.903 High

EPSS

Percentile

98.7%

New git packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/git-2.17.6-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
On case-insensitive file systems with support for symbolic links, if Git is
configured globally to apply delay-capable clean/smudge filters (such as Git
LFS), Git could be fooled into running remote code during a clone. Credit for
finding and fixing this vulnerability goes to Matheus Tavares, helped by
Johannes Schindelin.
For more information, see:
https://vulners.com/cve/CVE-2021-21300
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the β€œGet Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.17.6-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.17.6-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.17.6-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.17.6-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.17.6-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/git-2.17.6-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/git-2.30.2-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/git-2.30.2-x86_64-1.txz

MD5 signatures:

Slackware 14.0 package:
695074b32e19ea8912c0c8e039d67246 git-2.17.6-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
bbfe4df0f55756aa087a22bf9d954638 git-2.17.6-x86_64-1_slack14.0.txz

Slackware 14.1 package:
1e1beb552691af0fbef2e9abf54923b5 git-2.17.6-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
fc4c9a40d1bdec42db0a5b4c5f9f1f8c git-2.17.6-x86_64-1_slack14.1.txz

Slackware 14.2 package:
024d8b9cf96d410e965ae2a097307ba1 git-2.17.6-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
a9ade9e3be9e54c4b459bbe9b030d9a5 git-2.17.6-x86_64-1_slack14.2.txz

Slackware -current package:
04a6620183cffd3d59169184c63c826d d/git-2.30.2-i586-1.txz

Slackware x86_64 -current package:
8639968c64bac54ebb87e6d7ea2cff59 d/git-2.30.2-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg git-2.17.6-i586-1_slack14.2.txz

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.903 High

EPSS

Percentile

98.7%