A stack-based buffer overflow in Git might allow a local attacker to gain escalated privileges.
Package | dev-vcs/git on all architectures |
---|---|
Affected versions | < 1.7.2.2 |
Unaffected versions | >= 1.7.2.2 |
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
Git contains a stack-based buffer overflow in the is_git_directory function in setup.c.
A local attacker could gain escalated privileges via a specially crafted git repository.
There is no known workaround at this time.
All Git users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/git-1.7.2.2"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 11, 2010. It is likely that your system is already no longer affected by this issue.
Release date
January 10, 2014
Latest revision
January 10, 2014: 1
Severity
high
Exploitable
local
Bugzilla entries