Git: Multiple vulnerabilities — GLSA 201805-13

Git contains multiple vulnerabilities that allow for the remote execution of arbitrary code.

Affected Packages

dev-vcs/git on all architectures
Affected versions < 2.16.4
Unaffected versions >= 2.16.4

Background

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

Description

Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.

Impact

Remote attackers could execute arbitrary code on both client and server.

Workaround

There is no known workaround at this time.

Resolution

All Git users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.16.4"
 

References

Release Date
May 30, 2018

Latest Revision
May 30, 2018: 1

Severity
high

Exploitable
remote

Bugzilla entries