Canonical has released security updates for Ubuntu 16.04 ESM and Ubuntu 18.04 ESM to address multiple vulnerabilities in Git, a powerful and widely used distributed version control system. These vulnerabilities may allow malicious attackers to overwrite files outside the repository, inject arbitrary configuration, or even execute arbitrary code. Canonical, the company behind Ubuntu, has released security updates for various Ubuntu versions, including those under Extended Security Maintenance (ESM). Attackers could exploit this flaw to execute arbitrary code, posing a significant risk to system integrity. ELS provides five years of vendor-grade security patches after the official end-of-life date, covering over 140 packages, including Git, Linux kernel, OpenSSL, glibc, and more. It could allow attackers to craft and place malicious messages in the system, which could have serious implications for the integrity of your data. An attacker could hardlink arbitrary files into the repository’s object directory, threatening the availability and integrity of the system. For organizations running end-of-life Ubuntu versions, TuxCare’s ELS offers an affordable solution. If exploited, attackers could use them to execute arbitrary code on the system. For Ubuntu users on older, end-of-life versions like Ubuntu 16.04 and 18.04, Canonical offers ESM through the Ubuntu Pro subscription. For enterprises operating on legacy systems, TuxCare provides a reliable and cost-effective way to maintain security without the need for disruptive upgrades or migrations. They could place a specialized repository on a target’s system, leading to possible code execution or data manipulation. The post Addressing Git Vulnerabilities in Ubuntu 18.04 and 16.04 appeared first on TuxCare.
This Cyber News was published on securityboulevard.com. Publication date: Wed, 02 Oct 2024 10:13:06 +0000