USN-3671-1: Git vulnerabilities
Severity
High
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 14.04
Description
Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when “git clone –recurse-submodules” is used. (CVE-2018-11235)
It was discovered that an integer overflow existed in git’s pathname sanity checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information. (CVE-2018-11233)
Affected Cloud Foundry Products and Versions
Severity is high unless otherwise noted.
- All versions of Cloud Foundry cflinuxfs2 prior to 1.213.0
Mitigation
OSS users are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.213.0 or later.
