ALAS-2015-613


Amazon Linux AMI Security Advisory: ALAS-2015-613
Advisory Release Date: 2015-12-13 14:13 Pacific
Severity: Medium
References: CVE-2015-7545 

Issue Overview:

A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system.


Affected Packages:

git


Issue Correction:
Run yum update git to update your system.

New Packages:
i686:
    git-debuginfo-2.4.3-7.42.amzn1.i686
    git-daemon-2.4.3-7.42.amzn1.i686
    git-svn-2.4.3-7.42.amzn1.i686
    git-2.4.3-7.42.amzn1.i686

noarch:
    git-email-2.4.3-7.42.amzn1.noarch
    emacs-git-2.4.3-7.42.amzn1.noarch
    git-hg-2.4.3-7.42.amzn1.noarch
    git-all-2.4.3-7.42.amzn1.noarch
    gitweb-2.4.3-7.42.amzn1.noarch
    emacs-git-el-2.4.3-7.42.amzn1.noarch
    git-p4-2.4.3-7.42.amzn1.noarch
    perl-Git-2.4.3-7.42.amzn1.noarch
    git-bzr-2.4.3-7.42.amzn1.noarch
    git-cvs-2.4.3-7.42.amzn1.noarch
    perl-Git-SVN-2.4.3-7.42.amzn1.noarch

src:
    git-2.4.3-7.42.amzn1.src

x86_64:
    git-debuginfo-2.4.3-7.42.amzn1.x86_64
    git-daemon-2.4.3-7.42.amzn1.x86_64
    git-2.4.3-7.42.amzn1.x86_64
    git-svn-2.4.3-7.42.amzn1.x86_64