It was discovered that git-daemon which is part of git-core, a popular
distributed revision control system, is vulnerable to denial of service
attacks caused by a programming mistake in handling requests containing
extra unrecognized arguments which results in an infinite loop. While
this is no problem for the daemon itself as every request will spawn a
new git-daemon instance, this still results in a very high CPU consumption
and might lead to denial of service conditions.
For the oldstable distribution (etch), this problem has been fixed in
version 1.4.4.4-4+etch3.
For the stable distribution (lenny), this problem has been fixed in
version 1.5.6.5-3+lenny2.
For the testing distribution (squeeze), this problem has been fixed in
version 1:1.6.3.3-1.
For the unstable distribution (sid), this problem has been fixed in
version 1:1.6.3.3-1.
We recommend that you upgrade your git-core packages.
CPE | Name | Operator | Version |
---|---|---|---|
git-core | eq | 1:1.5.6.5-2 | |
git-core | eq | 1:1.5.6.5-3+lenny1 | |
git-core | eq | 1:1.5.6.5-3 | |
git-core | eq | 1:1.5.6.5-3+lenny2~bpo40+1 |