Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
The Git Project addressed a critical remote code execution vulnerability
Image
Published : 09/10/2018
Reference:
Advisory #2018-26
Version:
1.0
Affected software:
Git 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1 and earlier releases
Type:
Remote code execution
CVE/CVSS:
Sources
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456
https://blog.github.com/2018-10-05-git-submodule-vulnerability/
https://marc.info/?l=git&m=153875888916397&w=2
Risks
The vulnerability allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
Description
Git 2.19.1 has been released with a fix that addresses a vulnerability in Git that can cause arbitrary code to be executed when a user clones a malicious repository.
Recommended Actions
In order to be protected from the vulnerability, we recommend all users to update GitHub Desktop, Atom, their command-line version of Git, and any other application that may include an embedded version of Git.
Until the update, it is also recommended to avoid submodules from untrusted repositories.