Univention Bugzilla – Bug 47547
git: Multiple issues (4.2)
Last modified: 2018-08-15 16:20:41 CEST
New Debian git 1:2.1.4-2.1+deb8u6 fixes: This update addresses the following issue(s): * CVE_2017-15298 is open * In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. (CVE-2018-11233) * In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. (CVE-2018-11235) CVE_2018-1000021 is open 1:2.1.4-2.1+deb8u6 (Mon, 28 May 2018 16:30:30 -0700) * Fix CVE-2018-11235, arbitrary code execution via submodule names in .gitmodules file: - submodule: verify submodule names as paths - fsck: drop inode-sorting code - fsck: simplify ".git" check - fsck: fsck blob data - fsck: detect gitmodules files - fsck: check .gitmodules content - fsck: call fsck_finish after fscking objects - unpack-objects: call fsck_finish after fscking objects - index-pack: check .gitmodules files with --strict * Fix CVE-2018-11233, out-of-bounds read when validating NTFS paths: - is_ntfs_dotgit: use a size_t for traversing string * Do not allow .gitmodules to be a symlink: - is_hfs_dotgit: loosen over-eager match of \u{..47} - is_hfs_dotgit: match other .git* files - is_ntfs_dotgit: match other .git* files - is_{hfs,ntfs}_dotgitmodules: add tests - skip_prefix: add case-insensitive variant - verify_path: drop clever fallthrough - verify_dotfile: mention case-insensitivity in comment - update-index: stat updated files earlier - verify_path: disallow .gitmodules symlinks - fsck: complain when .gitmodules is a symlink Thanks to Brandon Williams, Etienne Stalmans, and Jeff King for discovering and reporting these vulnerabilities and to Jeff King and Johannes Schindelin for fixing them. * Prevent "git apply" without --index from escaping the current directory (compare GNU patch's CVE-2015-1196): - apply: reject input that touches outside the working area - apply: do not read from the filesystem under --index - apply: do not read from beyond a symbolic link - apply: do not touch a file beyond a symbolic link Thanks to Josh Boyer for reporting this vulnerability and Junio C Hamano for fixing it. * CVE-2018-11233 git: path sanity-checks on NTFS can read arbitrary memory (CVE-2018-11233) * CVE-2018-11235 git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235) * CVE-2015-1196 patch: directory traversal via symlinks (CVE-2015-1196)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/git_2.1.4-2.1+deb8u5.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/git_2.1.4-2.1+deb8u6.dsc @@ -1,3 +1,44 @@ +1:2.1.4-2.1+deb8u6 [Mon, 28 May 2018 16:30:30 -0700] Jonathan Nieder <jrnieder@gmail.com>: + + * Fix CVE-2018-11235, arbitrary code execution via submodule names + in .gitmodules file: + - submodule: verify submodule names as paths + - fsck: drop inode-sorting code + - fsck: simplify ".git" check + - fsck: fsck blob data + - fsck: detect gitmodules files + - fsck: check .gitmodules content + - fsck: call fsck_finish after fscking objects + - unpack-objects: call fsck_finish after fscking objects + - index-pack: check .gitmodules files with --strict + * Fix CVE-2018-11233, out-of-bounds read when validating NTFS paths: + - is_ntfs_dotgit: use a size_t for traversing string + * Do not allow .gitmodules to be a symlink: + - is_hfs_dotgit: loosen over-eager match of \u{..47} + - is_hfs_dotgit: match other .git* files + - is_ntfs_dotgit: match other .git* files + - is_{hfs,ntfs}_dotgitmodules: add tests + - skip_prefix: add case-insensitive variant + - verify_path: drop clever fallthrough + - verify_dotfile: mention case-insensitivity in comment + - update-index: stat updated files earlier + - verify_path: disallow .gitmodules symlinks + - fsck: complain when .gitmodules is a symlink + + Thanks to Brandon Williams, Etienne Stalmans, and Jeff King for + discovering and reporting these vulnerabilities and to Jeff King and + Johannes Schindelin for fixing them. + + * Prevent "git apply" without --index from escaping the current + directory (compare GNU patch's CVE-2015-1196): + - apply: reject input that touches outside the working area + - apply: do not read from the filesystem under --index + - apply: do not read from beyond a symbolic link + - apply: do not touch a file beyond a symbolic link + + Thanks to Josh Boyer for reporting this vulnerability and Junio C + Hamano for fixing it. + 1:2.1.4-2.1+deb8u5 [Mon, 25 Sep 2017 12:12:03 -0700] Jonathan Nieder <jrnieder@gmail.com>: * Fix remote shell command execution via CVS protocol: <http://10.200.17.11/4.2-4/#8728832221640217447>
OK: yaml OK: errata-announce OK: patch OK: piuparts [4.2-4] d5716e5d99 Bug #47547: git 1:2.1.4-2.1+deb8u6 doc/errata/staging/git.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) [4.2-4] 5d1d23c97f Bug #47547: git 1:2.1.4-2.1+deb8u6 doc/errata/staging/git.yaml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) [4.2-4] 1c8306240d Bug #47547: git 1:2.1.4-2.1+deb8u6 doc/errata/staging/git.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+)
<http://errata.software-univention.de/ucs/4.2/452.html>