USN-5686-2: Git vulnerability
17 November 2022
Git could be made to crash or run programs as your login if it received specially crafted input.
Releases
Packages
- git - fast, scalable, distributed revision control system
Details
USN-5686-1 fixed several vulnerabilities in Git. This update
provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM.
Original advisory details:
Kevin Backhouse discovered that Git incorrectly handled certain command
strings. An attacker could possibly use this issue to cause a crash or
arbitrary code execution.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
git
-
1:2.7.4-0ubuntu1.10+esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5686-1: git-cvs, git-doc, git-email, git-daemon-run, git-el, gitk, git-gui, git-all, git, git-man, gitweb, git-svn, git-mediawiki, git-daemon-sysvinit
- USN-5686-3: git-cvs, git-doc, git-email, git-daemon-run, gitk, git-gui, git-all, git, git-man, gitweb, git-svn, git-mediawiki, git-daemon-sysvinit