Important: git

2016-03-2412:00:00

alas.aws.amazon.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.141 Low

EPSS

Percentile

95.7%

JSON

Issue Overview:

An integer truncation flaw (CVE-2016-2315) and an integer overflow flaw (CVE-2016-2324), both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.

Affected Packages:

git

Issue Correction:
Run yum update git to update your system.

New Packages:

i686:  
    git-2.7.4-1.47.amzn1.i686  
    git-svn-2.7.4-1.47.amzn1.i686  
    git-daemon-2.7.4-1.47.amzn1.i686  
    git-debuginfo-2.7.4-1.47.amzn1.i686  
  
noarch:  
    emacs-git-el-2.7.4-1.47.amzn1.noarch  
    git-all-2.7.4-1.47.amzn1.noarch  
    emacs-git-2.7.4-1.47.amzn1.noarch  
    gitweb-2.7.4-1.47.amzn1.noarch  
    git-bzr-2.7.4-1.47.amzn1.noarch  
    git-p4-2.7.4-1.47.amzn1.noarch  
    perl-Git-2.7.4-1.47.amzn1.noarch  
    perl-Git-SVN-2.7.4-1.47.amzn1.noarch  
    git-hg-2.7.4-1.47.amzn1.noarch  
    git-email-2.7.4-1.47.amzn1.noarch  
    git-cvs-2.7.4-1.47.amzn1.noarch  
  
src:  
    git-2.7.4-1.47.amzn1.src  
  
x86_64:  
    git-svn-2.7.4-1.47.amzn1.x86_64  
    git-debuginfo-2.7.4-1.47.amzn1.x86_64  
    git-2.7.4-1.47.amzn1.x86_64  
    git-daemon-2.7.4-1.47.amzn1.x86_64

Additional References

Red Hat: CVE-2016-2315, CVE-2016-2324

Mitre: CVE-2016-2315, CVE-2016-2324

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686git< 2.7.4-1.47.amzn1git-2.7.4-1.47.amzn1.i686.rpm
Amazon Linux1i686git-svn< 2.7.4-1.47.amzn1git-svn-2.7.4-1.47.amzn1.i686.rpm
Amazon Linux1i686git-daemon< 2.7.4-1.47.amzn1git-daemon-2.7.4-1.47.amzn1.i686.rpm
Amazon Linux1i686git-debuginfo< 2.7.4-1.47.amzn1git-debuginfo-2.7.4-1.47.amzn1.i686.rpm
Amazon Linux1noarchemacs-git-el< 2.7.4-1.47.amzn1emacs-git-el-2.7.4-1.47.amzn1.noarch.rpm
Amazon Linux1noarchgit-all< 2.7.4-1.47.amzn1git-all-2.7.4-1.47.amzn1.noarch.rpm
Amazon Linux1noarchemacs-git< 2.7.4-1.47.amzn1emacs-git-2.7.4-1.47.amzn1.noarch.rpm
Amazon Linux1noarchgitweb< 2.7.4-1.47.amzn1gitweb-2.7.4-1.47.amzn1.noarch.rpm
Amazon Linux1noarchgit-bzr< 2.7.4-1.47.amzn1git-bzr-2.7.4-1.47.amzn1.noarch.rpm
Amazon Linux1noarchgit-p4< 2.7.4-1.47.amzn1git-p4-2.7.4-1.47.amzn1.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	git	< 2.7.4-1.47.amzn1	git-2.7.4-1.47.amzn1.i686.rpm
Amazon Linux	1	i686	git-svn	< 2.7.4-1.47.amzn1	git-svn-2.7.4-1.47.amzn1.i686.rpm
Amazon Linux	1	i686	git-daemon	< 2.7.4-1.47.amzn1	git-daemon-2.7.4-1.47.amzn1.i686.rpm
Amazon Linux	1	i686	git-debuginfo	< 2.7.4-1.47.amzn1	git-debuginfo-2.7.4-1.47.amzn1.i686.rpm
Amazon Linux	1	noarch	emacs-git-el	< 2.7.4-1.47.amzn1	emacs-git-el-2.7.4-1.47.amzn1.noarch.rpm
Amazon Linux	1	noarch	git-all	< 2.7.4-1.47.amzn1	git-all-2.7.4-1.47.amzn1.noarch.rpm
Amazon Linux	1	noarch	emacs-git	< 2.7.4-1.47.amzn1	emacs-git-2.7.4-1.47.amzn1.noarch.rpm
Amazon Linux	1	noarch	gitweb	< 2.7.4-1.47.amzn1	gitweb-2.7.4-1.47.amzn1.noarch.rpm
Amazon Linux	1	noarch	git-bzr	< 2.7.4-1.47.amzn1	git-bzr-2.7.4-1.47.amzn1.noarch.rpm
Amazon Linux	1	noarch	git-p4	< 2.7.4-1.47.amzn1	git-p4-2.7.4-1.47.amzn1.noarch.rpm