USN-3387-1: Git vulnerability
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 14.04
Description
Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in ‘ssh://’ URLs. A remote attacker could use this to construct a git repository that when accessed could run arbitrary code with the privileges of the user.
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- All versions of Cloud Foundry cflinuxfs2 prior to 1.147.0
Mitigation
OSS users are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.147.0 or later.