Reference: CERT-EU Security Advisory Short Summary -------------- A vulnerability in Git allows a perpetrator to execute code remotely while cloning or pushing repository with large filenames or a large number of nes ted trees.. For server exploitation, perpetrator will need write access in order to pus h remote git repository. For client exploitation, any local user allowed to execute git client comma nd can trigger the vulnerability by cloning a repository with large filenam es. CVE reference: CVE-2016-2324, CVE-2016E280912315 Affected platforms: git (client + server) < 2.7.1 Date found: 2016-03-16 Security risk: High Vendor Status: Notified / Patch available Systems affected ----------------- git (client + server) < 2.7.1 Impact ------- The successful exploitation of a vulnerable client or server allows the att acker to execute code on the targeted system. Solutions ---------- Upgrade to version 2.7.1 Additional References ----------------------- https://ma.tti as.be/remote-code-execution-git-versions-client-server-2-7-1-cve-2016-2324- cve-2016-2315/ https://gi t-scm.com/ CERT-EU ( http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu < ;mailto:cert-eu@ec.europa.eu> PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383