Joined: 12 May 2004
|Posted: Sun Jul 12, 2009 6:26 pm Post subject: [ GLSA 200907-05 ] git: git-daemon Denial of Service
|Gentoo Linux Security Advisory
Title: git: git-daemon Denial of Service (GLSA 200907-05)
Date: July 12, 2009
An error in git-daemon might lead to a Denial of Service via resource consumption.
git - the stupid content tracker, the revision control system used by the Linux kernel team.
Vulnerable: < 18.104.22.168
Unaffected: >= 22.214.171.124
Architectures: All supported architectures
Shawn O. Pearce reported that git-daemon runs into an infinite loop when handling requests that contain unrecognized arguments.
A remote unauthenticated attacker could send a specially crafted request to git-daemon, possibly leading to a Denial of Service (CPU consumption).
There is no known workaround at this time.
All git users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/git-126.96.36.199"