CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.009 Low
Percentile: 82.2%

New git packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.
Here are the details from the Slackware 15.0 ChangeLog:
patches/packages/git-2.35.5-i586-1_slack15.0.txz: Upgraded.
This release fixes two security issues:
[...] --local clone optimization, Git dereferences [...] $GIT_DIR when cloning from a malicious [...] --local [...] $GIT_DIR/objects directory. [...] protocol.file.allow is changed to be [...]
[...] git shell can result in [...] split_cmdline(), leading to arbitrary heap writes and [...] git shell is exposed and the directory $HOME/git-shell-commands exists. git shell is taught to refuse interactive commands that are [...] split_cmdline() is hardened to reject [...]
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.30.6-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.30.6-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.30.6-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.30.6-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.30.6-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/git-2.30.6-x86_64-1_slack14.2.txz
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/git-2.35.5-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/git-2.35.5-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/git-2.38.1-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/git-2.38.1-x86_64-1.txz
MD5 signatures:
Slackware 14.0 package:
48ee1ee2b38d78db02f8a071685b9450 git-2.30.6-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
e28b635209f0609c6ef18e114a88fc16 git-2.30.6-x86_64-1_slack14.0.txz
Slackware 14.1 package:
1ad7ec8d222bbb240485dd62db3adf40 git-2.30.6-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
334f2f6a9eda3bb9a242d91fc40b97d4 git-2.30.6-x86_64-1_slack14.1.txz
Slackware 14.2 package:
346f1b5332fc9fa6c256578c6d2296f3 git-2.30.6-i586-1_slack14.2.txz
Slackware x86_64 14.2 package:
385741384f10e345bf736489096c7f63 git-2.30.6-x86_64-1_slack14.2.txz
Slackware 15.0 package:
c36b2529a04298271a42b54a2e22cd7c git-2.35.5-i586-1_slack15.0.txz
Slackware x86_64 15.0 package:
cf2c3403da6faf885008e4fa7f9ff5c4 git-2.35.5-x86_64-1_slack15.0.txz
Slackware -current package:
44fd8361f0920419437471089a87e984 d/git-2.38.1-i586-1.txz
Slackware x86_64 -current package:
09bd553a683015bdcd1549ff4465d704 d/git-2.38.1-x86_64-1.txz
Installation instructions:
Upgrade the package as root:
> upgradepkg git-2.35.5-i586-1_slack15.0.txz
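
One way to check a downloaded package against the "MD5 signatures" list before running upgradepkg, as an added example that is not part of the Slackware advisory. The function names and the advisory.txt file name are hypothetical, and it assumes the advisory text has been saved to a local file:

```shell
#!/bin/sh
# Added example (not from the advisory): verify a package against the
# advisory's "MD5 signatures" list. Function names are hypothetical.

# lookup_md5 MANIFEST PKGFILE
# Print the hash listed for PKGFILE. Hash lines are "<md5> <name>"; label
# lines are skipped. The -current entries carry a "d/" series prefix, so
# names are compared on their basename.
lookup_md5() {
    want=$(basename "$2")
    while read -r sum name || [ -n "$sum" ]; do
        case "$sum" in
            *[!0-9a-f]*|"") continue ;;    # not a lowercase hex digest
        esac
        [ "${#sum}" -eq 32 ] || continue   # MD5 is 32 hex characters
        if [ "$(basename "$name")" = "$want" ]; then
            printf '%s\n' "$sum"
            return 0
        fi
    done < "$1"
    return 1
}

# verify_pkg MANIFEST PKGFILE
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or not listed.
verify_pkg() {
    [ -f "$2" ] || { echo "missing file: $2" >&2; return 2; }
    expected=$(lookup_md5 "$1" "$2") || { echo "not listed: $2" >&2; return 2; }
    actual=$(md5sum "$2" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $2"
        return 0
    fi
    echo "MD5 MISMATCH: $2 (expected $expected, got $actual)" >&2
    return 1
}

# Typical use, as root, with the advisory saved as advisory.txt (assumed name):
#   verify_pkg advisory.txt git-2.35.5-i586-1_slack15.0.txz \
#     && upgradepkg git-2.35.5-i586-1_slack15.0.txz
```

An MD5 match only shows the download is the file the advisory lists and was not corrupted in transit; MD5 is not collision-resistant, so it does not replace checking the package's GPG signature.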