[ASA-201912-5] libgit2: arbitrary code execution
foxboron at archlinux.org
Wed Dec 18 21:37:48 UTC 2019
Arch Linux Security Advisory ASA-201912-5
Date : 2019-12-18
CVE-ID : CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1387
Package : libgit2
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-1075
The package libgit2 before version 1:0.28.4-1 is vulnerable to
arbitrary code execution.
Upgrade to 1:0.28.4-1.
# pacman -Syu "libgit2>=1:0.28.4-1"
The problems have been fixed upstream in version 0.28.4.
- CVE-2019-1348 (arbitrary code execution)
A security issue has been found in git before 2.24.1 where the
--export-marks option of git fast-import is exposed also via the in-
stream command feature export-marks=... and it allows overwriting
- CVE-2019-1349 (arbitrary code execution)
A security issue has been found in git before 2.24.1 when using
submodule paths that refer to the same file system entity (e.g. using
the NTFS Alternate Data Streams attack mentioned in CVE-2019-1352 where
files would be written to the `.git/` directory using a synonymous
directory name), it was possible to "squat" on the `git~1` shortname on
NTFS drives, opening attacks via `git~2`. This also affects Git when
run as a Linux application inside the Windows Subsystem for Linux.
- CVE-2019-1352 (arbitrary code execution)
A security issue has been found in git before 2.24.1 where it was
unaware of NTFS Alternate Data Streams, allowing files inside the .git/
directory to be overwritten during a clone.
- CVE-2019-1387 (arbitrary code execution)
A security issue has been found in git before 2.24.1 where recursive
clones are currently affected by a vulnerability that is caused by too-
lax validation of submodule names, allowing very targeted attacks via
remote code execution in recursive clones.
A remote attacker can overwrite files and execute code by abusing NTFS
path, submodules and fast-import.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the arch-security