| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 03 Oct 2010 21:37:00 +0200 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2010:194 ] git -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:194 http://www.mandriva.com/security/ _______________________________________________________________________ Package : git Date : October 3, 2010 Affected: 2009.1, 2010.0, 2010.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in git: Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy (CVE-2010-2542). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2542 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.1: e36c30bb2efd1e37a798f18b2fe0409d 2009.1/i586/git-1.6.2.5-0.2mdv2009.1.i586.rpm e24c5595f517896efc3937c3e6f67e3f 2009.1/i586/git-arch-1.6.2.5-0.2mdv2009.1.i586.rpm fb822b181161f4896ce1d6dfdeb9bd15 2009.1/i586/git-core-1.6.2.5-0.2mdv2009.1.i586.rpm 4f7f7ce2826bbca4c2686ec17dc98646 2009.1/i586/git-core-oldies-1.6.2.5-0.2mdv2009.1.i586.rpm 1de9a3c640a8ab79b0f635c7f28d3566 2009.1/i586/git-cvs-1.6.2.5-0.2mdv2009.1.i586.rpm 1a15e8c4cf5dcf67305cd82955eb9180 2009.1/i586/git-email-1.6.2.5-0.2mdv2009.1.i586.rpm bc58ceed787b7452d8a85180e44ef307 2009.1/i586/gitk-1.6.2.5-0.2mdv2009.1.i586.rpm 6a0e809737cee3fa4bd23575b6d5437a 2009.1/i586/git-svn-1.6.2.5-0.2mdv2009.1.i586.rpm 6dcf828363e99ab3dfe2b1539a095eb2 2009.1/i586/gitview-1.6.2.5-0.2mdv2009.1.i586.rpm 19f0de2a083f34955d6a85b591c8a82b 2009.1/i586/gitweb-1.6.2.5-0.2mdv2009.1.i586.rpm 729246da7e5812e3d8be48b66f6c96d2 2009.1/i586/libgit-devel-1.6.2.5-0.2mdv2009.1.i586.rpm 6fa5b0e90caeb83bad4405ca84c3a644 2009.1/i586/perl-Git-1.6.2.5-0.2mdv2009.1.i586.rpm 5c74a812d839adced666981b16008790 2009.1/SRPMS/git-1.6.2.5-0.2mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 36a163e8dbf812a00f2774737d3db3e3 2009.1/x86_64/git-1.6.2.5-0.2mdv2009.1.x86_64.rpm da62d78a1fd8cb3f148da045c98f8697 2009.1/x86_64/git-arch-1.6.2.5-0.2mdv2009.1.x86_64.rpm 8a944bf53721285cc9fe90fe80f20503 2009.1/x86_64/git-core-1.6.2.5-0.2mdv2009.1.x86_64.rpm 15ce468ebf23b2e6442da065addc0468 2009.1/x86_64/git-core-oldies-1.6.2.5-0.2mdv2009.1.x86_64.rpm e3ba618e5516ee3e0527dd4f656e43be 2009.1/x86_64/git-cvs-1.6.2.5-0.2mdv2009.1.x86_64.rpm 6be37a10302a9267d186e626437f7fba 2009.1/x86_64/git-email-1.6.2.5-0.2mdv2009.1.x86_64.rpm 3ae3179b2d6601e99e63136e70d9661e 2009.1/x86_64/gitk-1.6.2.5-0.2mdv2009.1.x86_64.rpm cc0f7c402dbd3e4fb3a89c69d7c4bbce 2009.1/x86_64/git-svn-1.6.2.5-0.2mdv2009.1.x86_64.rpm d3995ffe7fad83d902a22d7b465dad33 2009.1/x86_64/gitview-1.6.2.5-0.2mdv2009.1.x86_64.rpm 5266e7b2e209a7a94c854903f1c3dfa6 2009.1/x86_64/gitweb-1.6.2.5-0.2mdv2009.1.x86_64.rpm 0097c72a5d29c16d7193ca7159826180 2009.1/x86_64/lib64git-devel-1.6.2.5-0.2mdv2009.1.x86_64.rpm 3bf7309d7ee46a7b6c17954ddae939aa 2009.1/x86_64/perl-Git-1.6.2.5-0.2mdv2009.1.x86_64.rpm 5c74a812d839adced666981b16008790 2009.1/SRPMS/git-1.6.2.5-0.2mdv2009.1.src.rpm Mandriva Linux 2010.0: 05e69d2ef3f77fa187680647094becce 2010.0/i586/git-1.6.4.4-6.1mdv2010.0.i586.rpm 0a4073b71cf63d4edba0ff3b565a89ba 2010.0/i586/git-arch-1.6.4.4-6.1mdv2010.0.i586.rpm caea32abfe0955cc7be5be2d49a69302 2010.0/i586/git-core-1.6.4.4-6.1mdv2010.0.i586.rpm 9af8db24c9ecde83e6e30542c1a429d3 2010.0/i586/git-core-oldies-1.6.4.4-6.1mdv2010.0.i586.rpm 9db0d8344eda9b00b2bf98c78fb923c3 2010.0/i586/git-cvs-1.6.4.4-6.1mdv2010.0.i586.rpm f1075e86c19920e9d760899745d031f8 2010.0/i586/git-email-1.6.4.4-6.1mdv2010.0.i586.rpm 92457a4711ceb4c97250a78b541ed716 2010.0/i586/gitk-1.6.4.4-6.1mdv2010.0.i586.rpm 66063c99e6a26a5a4c93dbd956fd4ba3 2010.0/i586/git-prompt-1.6.4.4-6.1mdv2010.0.i586.rpm f3970194c62eccef9b32fb3cab68b55a 2010.0/i586/git-svn-1.6.4.4-6.1mdv2010.0.i586.rpm 1c17e4705d33069f1776b25531048bda 2010.0/i586/gitview-1.6.4.4-6.1mdv2010.0.i586.rpm 9d361a0c3ad75a5c68affd14dcc7681b 2010.0/i586/gitweb-1.6.4.4-6.1mdv2010.0.i586.rpm d739ac4c7012ebd56b6d401d545243fa 2010.0/i586/libgit-devel-1.6.4.4-6.1mdv2010.0.i586.rpm d288543970e5dcd2268d6a7eb60305cc 2010.0/i586/perl-Git-1.6.4.4-6.1mdv2010.0.i586.rpm 47a9c9ea741437d1432ddd90e32b45e6 2010.0/SRPMS/git-1.6.4.4-6.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: cc3e19b3a6cf10ead6e5a74d478fc39e 2010.0/x86_64/git-1.6.4.4-6.1mdv2010.0.x86_64.rpm 690b28356d34cc1da502f04dda722ea5 2010.0/x86_64/git-arch-1.6.4.4-6.1mdv2010.0.x86_64.rpm 848b95d3e8d2755d7e9bc885600c16b2 2010.0/x86_64/git-core-1.6.4.4-6.1mdv2010.0.x86_64.rpm 12e3fc6006f1a688da619ed304ed703f 2010.0/x86_64/git-core-oldies-1.6.4.4-6.1mdv2010.0.x86_64.rpm 1079c63990148140641dfc728f0f95ae 2010.0/x86_64/git-cvs-1.6.4.4-6.1mdv2010.0.x86_64.rpm 32a648d0a7daa28644f96f04d05b3f96 2010.0/x86_64/git-email-1.6.4.4-6.1mdv2010.0.x86_64.rpm e61e2dafa93e4c6843aab8b96f2ff02c 2010.0/x86_64/gitk-1.6.4.4-6.1mdv2010.0.x86_64.rpm 39e12217b32a2cc6c553142c62f01ef3 2010.0/x86_64/git-prompt-1.6.4.4-6.1mdv2010.0.x86_64.rpm 5b4e71e02e815f2c63b497836d1f1e7c 2010.0/x86_64/git-svn-1.6.4.4-6.1mdv2010.0.x86_64.rpm 4d1408e86a37909ce3af9d534d791eb1 2010.0/x86_64/gitview-1.6.4.4-6.1mdv2010.0.x86_64.rpm 7a1f7fdeb72a855f1cf62b5dc2f821a6 2010.0/x86_64/gitweb-1.6.4.4-6.1mdv2010.0.x86_64.rpm 0e43bd01aba87d2e1157307a979e920b 2010.0/x86_64/lib64git-devel-1.6.4.4-6.1mdv2010.0.x86_64.rpm be775dcd8a82cd22852aa949864f6b20 2010.0/x86_64/perl-Git-1.6.4.4-6.1mdv2010.0.x86_64.rpm 47a9c9ea741437d1432ddd90e32b45e6 2010.0/SRPMS/git-1.6.4.4-6.1mdv2010.0.src.rpm Mandriva Linux 2010.1: 9a53fe0eafe2b286effe34e0386296f5 2010.1/i586/git-1.7.1-1.1mdv2010.1.i586.rpm 366105f56483fda6e465af3b48886a64 2010.1/i586/git-arch-1.7.1-1.1mdv2010.1.i586.rpm 7f4d4f93b1fc0f582ea976ab3948176b 2010.1/i586/git-core-1.7.1-1.1mdv2010.1.i586.rpm 3d621a1105e35c473f44474fb429cd4f 2010.1/i586/git-core-oldies-1.7.1-1.1mdv2010.1.i586.rpm 153c7334f1600e7b301ea88a596ecf87 2010.1/i586/git-cvs-1.7.1-1.1mdv2010.1.i586.rpm 03f2cb0a820f848775798aecdff73d16 2010.1/i586/git-email-1.7.1-1.1mdv2010.1.i586.rpm 1cf070ea84d4266d43dbc9cd1d94da1f 2010.1/i586/gitk-1.7.1-1.1mdv2010.1.i586.rpm 09d4b394f592311256e9d1524a7b213a 2010.1/i586/git-prompt-1.7.1-1.1mdv2010.1.i586.rpm 17253d2dea0e8e9ffd39729d17f94605 2010.1/i586/git-svn-1.7.1-1.1mdv2010.1.i586.rpm c55070264354761a42ef081504dba023 2010.1/i586/gitview-1.7.1-1.1mdv2010.1.i586.rpm 4d4b279155246cf2c6dd5c3994341c76 2010.1/i586/gitweb-1.7.1-1.1mdv2010.1.i586.rpm 20b5523db533068c74317c6ab6d1682f 2010.1/i586/libgit-devel-1.7.1-1.1mdv2010.1.i586.rpm 0fdeeed89128c15726fc11d1c32f35e2 2010.1/i586/perl-Git-1.7.1-1.1mdv2010.1.i586.rpm 94b914ed0817c3260deff34d1176850e 2010.1/i586/python-git-1.7.1-1.1mdv2010.1.i586.rpm 269d848f0be754565fcd2ae2fd402244 2010.1/SRPMS/git-1.7.1-1.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: c30305b2b65f3be12243bf6201f58db6 2010.1/x86_64/git-1.7.1-1.1mdv2010.1.x86_64.rpm abf1681f048980a84a31be90c0e0c1c9 2010.1/x86_64/git-arch-1.7.1-1.1mdv2010.1.x86_64.rpm 8fc426f9885a16997e738d932bc178ff 2010.1/x86_64/git-core-1.7.1-1.1mdv2010.1.x86_64.rpm 53bf857343b026bd3119c8f9f5f517e8 2010.1/x86_64/git-core-oldies-1.7.1-1.1mdv2010.1.x86_64.rpm d79af9e7c052afd3cfb86ba435d769ea 2010.1/x86_64/git-cvs-1.7.1-1.1mdv2010.1.x86_64.rpm e060edb60fbbdd430378449a8bf877a0 2010.1/x86_64/git-email-1.7.1-1.1mdv2010.1.x86_64.rpm 2b3ee4007d2e770449a7301a4d16507e 2010.1/x86_64/gitk-1.7.1-1.1mdv2010.1.x86_64.rpm 73406e43466413d30c34087103bfc3c3 2010.1/x86_64/git-prompt-1.7.1-1.1mdv2010.1.x86_64.rpm 697df1362b4867550537f1374bdc228e 2010.1/x86_64/git-svn-1.7.1-1.1mdv2010.1.x86_64.rpm b58f8242b1d54c0653fb90e79bb4c221 2010.1/x86_64/gitview-1.7.1-1.1mdv2010.1.x86_64.rpm c0c684337ee3d11cb068ff9d52be2926 2010.1/x86_64/gitweb-1.7.1-1.1mdv2010.1.x86_64.rpm 800ba00449a578960c97d567e1803977 2010.1/x86_64/lib64git-devel-1.7.1-1.1mdv2010.1.x86_64.rpm 8bfd7f8c8329f963b04e2afe87cb4bd4 2010.1/x86_64/perl-Git-1.7.1-1.1mdv2010.1.x86_64.rpm 7fa2e372949ed54ba0784726ef4dd78b 2010.1/x86_64/python-git-1.7.1-1.1mdv2010.1.x86_64.rpm 269d848f0be754565fcd2ae2fd402244 2010.1/SRPMS/git-1.7.1-1.1mdv2010.1.src.rpm Mandriva Enterprise Server 5: da9042ce466cc88308c8da002a9bc22e mes5/i586/git-1.6.0.6-0.2mdvmes5.1.i586.rpm 1e1238eae3902d55c969f43d18682b60 mes5/i586/git-arch-1.6.0.6-0.2mdvmes5.1.i586.rpm 74828248e38cb3f8bb8c4564933bd451 mes5/i586/git-core-1.6.0.6-0.2mdvmes5.1.i586.rpm 9ca3cd9673c7ad38e30c6df900ec5147 mes5/i586/git-core-oldies-1.6.0.6-0.2mdvmes5.1.i586.rpm 54e7e0ebad40973ca53bcf8d2f822bf4 mes5/i586/git-cvs-1.6.0.6-0.2mdvmes5.1.i586.rpm a0757a10b1566427aad43ab0bcd34188 mes5/i586/git-email-1.6.0.6-0.2mdvmes5.1.i586.rpm 6c4e5f05a0ce18b8b0a3fa2454fc7e2d mes5/i586/gitk-1.6.0.6-0.2mdvmes5.1.i586.rpm 80bf65bdd9f5eea47e93757152d5d0e4 mes5/i586/git-svn-1.6.0.6-0.2mdvmes5.1.i586.rpm 78e93b557075a4eeaf77065730d54efd mes5/i586/gitview-1.6.0.6-0.2mdvmes5.1.i586.rpm 750fb551951a21c5118b87b3278c32ed mes5/i586/gitweb-1.6.0.6-0.2mdvmes5.1.i586.rpm a85dca1ed2756d1d0d12a8d211b2bdb9 mes5/i586/libgit-devel-1.6.0.6-0.2mdvmes5.1.i586.rpm 86e2d91045b53f684988c8a838a2c8e7 mes5/i586/perl-Git-1.6.0.6-0.2mdvmes5.1.i586.rpm 4fe847b83f07ab8d0e11290352dc22f2 mes5/SRPMS/git-1.6.0.6-0.2mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 7c9097482d702eb71d58ab4c85ee0807 mes5/x86_64/git-1.6.0.6-0.2mdvmes5.1.x86_64.rpm 20a1b3191f9eabd8664723293841203e mes5/x86_64/git-arch-1.6.0.6-0.2mdvmes5.1.x86_64.rpm 660b37a71c0aac0051088545a2f77f06 mes5/x86_64/git-core-1.6.0.6-0.2mdvmes5.1.x86_64.rpm 39acbb3e9873ba07a1e587da34195c68 mes5/x86_64/git-core-oldies-1.6.0.6-0.2mdvmes5.1.x86_64.rpm 646464b83ad39c5ad34a6bbe4f6b225d mes5/x86_64/git-cvs-1.6.0.6-0.2mdvmes5.1.x86_64.rpm 5f488aaa40399af4025670e5d9a49c57 mes5/x86_64/git-email-1.6.0.6-0.2mdvmes5.1.x86_64.rpm 5b505b16edcc9b227784dd66e205190e mes5/x86_64/gitk-1.6.0.6-0.2mdvmes5.1.x86_64.rpm 0cb95524e359a89842ee99eb20dba0cc mes5/x86_64/git-svn-1.6.0.6-0.2mdvmes5.1.x86_64.rpm c19be84b13166ceba8a6ac502cff9590 mes5/x86_64/gitview-1.6.0.6-0.2mdvmes5.1.x86_64.rpm 99330e300c41df8e6966520bbb2ef791 mes5/x86_64/gitweb-1.6.0.6-0.2mdvmes5.1.x86_64.rpm 4978b265158ae0e11eb3086ef5532b5a mes5/x86_64/lib64git-devel-1.6.0.6-0.2mdvmes5.1.x86_64.rpm a5fda12a1c57745a86d1e77dc24151f8 mes5/x86_64/perl-Git-1.6.0.6-0.2mdvmes5.1.x86_64.rpm 4fe847b83f07ab8d0e11290352dc22f2 mes5/SRPMS/git-1.6.0.6-0.2mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMqKzEmqjQ0CJFipgRAmwVAJ9o/Om4HDJD0k3Af6A7IiU9h8DM7QCfQtYx LG4Q+Zdpo8DNb9o50S6GXwg= =hz7X -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists