Git contains multiple vulnerabilities that allow for the remote execution of arbitrary code.
Package | dev-vcs/git on all architectures |
---|---|
Affected versions | < 2.16.4 |
Unaffected versions | >= 2.16.4 |
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.
Remote attackers could execute arbitrary code on both client and server.
There is no known workaround at this time.
All Git users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.16.4"
Release date
May 30, 2018
Latest revision
May 30, 2018: 1
Severity
high
Exploitable
remote
Bugzilla entries