DSA-1841-1 git-core -- denial of serviceID: oval:org.secpod.oval:def:600476 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no problem for the daemon itself as every request will spawn a new git-daemon instance, this still results in a very high CPU consumption and might lead to denial of service conditions. For the oldstable distribution , this problem has been fixed in version 1.4.4.4-4+etch3. For the stable distribution , this problem has been fixed in version 1.5.6.5-3+lenny2. For the testing distribution , this problem has been fixed in version 1:1.6.3.3-1. For the unstable distribution , this problem has been fixed in version 1:1.6.3.3-1. We recommend that you upgrade your git-core packages.
Platform: |
Debian 5.0 |
Debian 4.0 |