==========================================================================
Ubuntu Security Notice USN-3243-1
March 23, 2017
git vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Git could be made to run programs as your login if it explored a specially
crafted repository.
Software Description:
- git: fast, scalable, distributed revision control system
Details:
It was discovered that Git incorrectly sanitized branch names in the PS1
variable when configured to display the repository status in the shell
prompt. If a user were tricked into exploring a malicious repository, a
remote attacker could use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
git 1:1.9.1-1ubuntu0.4
In general, a standard system update will make all the necessary changes.
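
Added example (not part of the Ubuntu notice): a shell triage that combines the two conditions described above, a git package older than the fixed version and a prompt configured to display the repository status. It assumes a bash prompt set through PS1 or PROMPT_COMMAND that calls the `__git_ps1` helper from git-prompt.sh; the function names and verdict labels are constructed for illustration.

```shell
# Added example, not from the notice: exposure triage for USN-3243-1.
FIXED_VERSION='1:1.9.1-1ubuntu0.4'   # fixed Ubuntu 14.04 LTS version, from the notice

# 0 if package version $1 is at or above the fixed one, 1 if older,
# 2 if dpkg is not available to compare Debian version strings.
version_is_fixed() {
    command -v dpkg >/dev/null 2>&1 || return 2
    dpkg --compare-versions "$1" ge "$FIXED_VERSION"
}

# 0 if PS1 ($1) or PROMPT_COMMAND ($2) calls __git_ps1, the git-prompt.sh
# helper that puts repository status (including the branch name) in the prompt.
prompt_shows_git_status() {
    case "$1 $2" in
        *__git_ps1*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Verdict for one host. Arguments: package version, PS1, PROMPT_COMMAND.
#   patched    - fixed version or later
#   exposed    - older version and the prompt shows git status
#   prompt-off - older version, but the prompt does not call __git_ps1
#   unknown    - version could not be compared
assess() {
    _rc=0
    version_is_fixed "$1" || _rc=$?
    if [ "$_rc" -eq 0 ]; then echo patched
    elif [ "$_rc" -ne 1 ]; then echo unknown
    elif prompt_shows_git_status "$2" "$3"; then echo exposed
    else echo prompt-off
    fi
}

# Check the current host and the current interactive shell.
triage_local() {
    _v=$(dpkg-query -W -f='${Version}' git 2>/dev/null) || _v=''
    if [ -z "$_v" ]; then echo unknown; return 0; fi
    assess "$_v" "${PS1:-}" "${PROMPT_COMMAND:-}"
}
```

Source the file in the interactive shell you want to check and run `triage_local`; PS1 is normally not exported, so a separate script process would not see it.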
References:
http://www.ubuntu.com/usn/usn-3243-1
CVE-2014-9938
Package Information:
https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.4