Git: Security bypass — GLSA 201706-04

A vulnerability in Git might allow remote attackers to bypass security restrictions.

Affected packages

dev-vcs/git on all architectures
Affected versions < 2.13.0
Unaffected versions >= 2.13.0

Background

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

Description

Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands.

Impact

A remote attacker could possibly bypass security restrictions and access sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Git users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.13.0"
 

References

Release date
June 06, 2017

Latest revision
June 06, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries