Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules
file with submodule URLs that are longer than 1024 characters can used to exploit a bug in config.c::git_config_copy_or_rename_section_in_file()
. This bug can be used to inject arbitrary configuration into a user's $GIT_DIR/config
when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as core.pager
, core.editor
, core.sshCommand
, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running git submodule deinit
on untrusted repositories or without prior inspection of any submodule sections in $GIT_DIR/config
.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "git-core": "1:2.7.4-0ubuntu1.10+esm7", "git-daemon-run": "1:2.7.4-0ubuntu1.10+esm7", "git-email": "1:2.7.4-0ubuntu1.10+esm7", "git-mediawiki": "1:2.7.4-0ubuntu1.10+esm7", "git": "1:2.7.4-0ubuntu1.10+esm7", "git-el": "1:2.7.4-0ubuntu1.10+esm7", "git-cvs": "1:2.7.4-0ubuntu1.10+esm7", "git-doc": "1:2.7.4-0ubuntu1.10+esm7", "gitk": "1:2.7.4-0ubuntu1.10+esm7", "git-arch": "1:2.7.4-0ubuntu1.10+esm7", "git-daemon-sysvinit": "1:2.7.4-0ubuntu1.10+esm7", "git-svn": "1:2.7.4-0ubuntu1.10+esm7", "git-gui": "1:2.7.4-0ubuntu1.10+esm7", "git-man": "1:2.7.4-0ubuntu1.10+esm7", "gitweb": "1:2.7.4-0ubuntu1.10+esm7", "git-all": "1:2.7.4-0ubuntu1.10+esm7" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "git-daemon-run": "1:2.17.1-1ubuntu0.18", "git-email": "1:2.17.1-1ubuntu0.18", "git-mediawiki": "1:2.17.1-1ubuntu0.18", "git": "1:2.17.1-1ubuntu0.18", "git-el": "1:2.17.1-1ubuntu0.18", "git-cvs": "1:2.17.1-1ubuntu0.18", "git-doc": "1:2.17.1-1ubuntu0.18", "gitk": "1:2.17.1-1ubuntu0.18", "git-dbgsym": "1:2.17.1-1ubuntu0.18", "git-daemon-sysvinit": "1:2.17.1-1ubuntu0.18", "git-svn": "1:2.17.1-1ubuntu0.18", "git-gui": "1:2.17.1-1ubuntu0.18", "git-man": "1:2.17.1-1ubuntu0.18", "gitweb": "1:2.17.1-1ubuntu0.18", "git-all": "1:2.17.1-1ubuntu0.18" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "git-daemon-run": "1:2.25.1-1ubuntu3.11", "git-email": "1:2.25.1-1ubuntu3.11", "git-mediawiki": "1:2.25.1-1ubuntu3.11", "git": "1:2.25.1-1ubuntu3.11", "git-el": "1:2.25.1-1ubuntu3.11", "git-cvs": "1:2.25.1-1ubuntu3.11", "git-doc": "1:2.25.1-1ubuntu3.11", "gitk": "1:2.25.1-1ubuntu3.11", "git-dbgsym": "1:2.25.1-1ubuntu3.11", "git-daemon-sysvinit": "1:2.25.1-1ubuntu3.11", "git-svn": "1:2.25.1-1ubuntu3.11", "git-gui": "1:2.25.1-1ubuntu3.11", "git-man": "1:2.25.1-1ubuntu3.11", "gitweb": "1:2.25.1-1ubuntu3.11", "git-all": "1:2.25.1-1ubuntu3.11" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "git-daemon-run": "1:2.34.1-1ubuntu1.9", "git-email": "1:2.34.1-1ubuntu1.9", "git-mediawiki": "1:2.34.1-1ubuntu1.9", "git": "1:2.34.1-1ubuntu1.9", "gitk": "1:2.34.1-1ubuntu1.9", "git-cvs": "1:2.34.1-1ubuntu1.9", "git-doc": "1:2.34.1-1ubuntu1.9", "git-dbgsym": "1:2.34.1-1ubuntu1.9", "git-daemon-sysvinit": "1:2.34.1-1ubuntu1.9", "git-svn": "1:2.34.1-1ubuntu1.9", "git-gui": "1:2.34.1-1ubuntu1.9", "git-man": "1:2.34.1-1ubuntu1.9", "gitweb": "1:2.34.1-1ubuntu1.9", "git-all": "1:2.34.1-1ubuntu1.9" } ] }