Posted: Sun Jul 12, 2009 6:26 pm
Post subject: [ GLSA 200907-05 ] git: git-daemon Denial of Service

Gentoo Linux Security Advisory
Title: git: git-daemon Denial of Service (GLSA 200907-05)
Severity: normal
Exploitable: remote
Date: July 12, 2009
Bug(s): #273905
ID: 200907-05
Synopsis
An error in git-daemon might lead to a Denial of Service via resource consumption.
Background
git - the stupid content tracker, the revision control system used by the Linux kernel team.
Affected Packages
Package: dev-util/git
Vulnerable: < 1.6.3.3
Unaffected: >= 1.6.3.3
Architectures: All supported architectures
Description
Shawn O. Pearce reported that git-daemon runs into an infinite loop when handling requests that contain unrecognized arguments.
Impact
A remote unauthenticated attacker could send a specially crafted request to git-daemon, possibly leading to a Denial of Service (CPU consumption).
Workaround
There is no known workaround at this time.
Resolution
All git users should upgrade to the latest version:

Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/git-1.6.3.3"

References
CVE-2009-2108
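
To check a host against the affected range listed above, the following is an added example and not part of the advisory. The function names are hypothetical, and Gentoo revision or pre-release suffixes (such as -r1) are dropped before comparing.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.
FIXED_VERSION="1.6.3.3"   # first unaffected dev-util/git version per the advisory

# Extract the dotted numeric version from strings such as
# "git version 1.6.3.2" or "dev-util/git-1.6.3.2-r1" (suffixes are dropped).
normalize_version() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*$/\1/p'
}

# Return 0 when $1 < $2, comparing dot-separated fields numerically
# (so 1.10 sorts after 1.6); missing fields count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "less than"
}

# 0 = in the vulnerable range, 1 = unaffected, 2 = no version found.
git_is_vulnerable() {
    v=$(normalize_version "$1")
    [ -n "$v" ] || return 2
    version_lt "$v" "$FIXED_VERSION"
}

# Check the locally installed git, if any.
if command -v git >/dev/null 2>&1; then
    if git_is_vulnerable "$(git --version)"; then
        echo "git is older than $FIXED_VERSION: upgrade (GLSA 200907-05)"
    else
        echo "git is not in the range affected by GLSA 200907-05"
    fi
fi
```

The advisory concerns git-daemon, so a vulnerable result matters most on hosts that actually run git-daemon.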