This should get handled as part of normal patching, but RHEL ships with a 1.8.x branch of Git. We aren’t cloning from public repos for most things, but I can’t be 100% sure about it, and workstations are probably vulnerable as well. We should all update our workstations, but it doesn’t appear to be that simple for Linux servers:
(2.19.1 is the version to upgrade to.)
Mac: brew upgrade git didn’t seem to update the CLI git (still on 1.8.3.1); you have to download and install from https://sourceforge.net/projects/git-osx-installer/files/git-2.19.0-intel-universal-mavericks.dmg/download?use_mirror=autoselect
Windows: https://github.com/git-for-windows/git/releases/download/v2.19.1.windows.1/Git-2.19.1-64-bit.exe
Linux: It looks like Git does not have an RPM for 2.x; it’s a clone and compile, which makes long-term sustainability a pain.
The CVE says version 2.18 is the oldest affected version, and the newest available from the yum repos is 1.8.3.1-14.
https://git-scm.com/download/linux says to download and compile.
This works:
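#!/bin/bash
# update git to 2.19.1
# show the current version and which binary is in use
git --version
which git
# keep a copy of the distro binary
cp /usr/bin/git /usr/bin/git-1.8.3.1
# build dependencies
yum -y install curl-devel expat-devel gettext-devel openssl-devel zlib-devel
yum -y install gcc perl-ExtUtils-MakeMaker
# download and unpack the 2.19.1 source
cd /usr/src
wget https://www.kernel.org/pub/software/scm/git/git-2.19.1.tar.gz
tar xzf git-2.19.1.tar.gz
cd git-2.19.1
# build and install under /usr/local/git
make prefix=/usr/local/git all
make prefix=/usr/local/git install
# replace the system git with a symlink to the new build
rm -f /bin/git
ln -s /usr/local/git/bin/git /bin/git
# confirm the new version
git --version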
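
After either upgrade path above, the git the shell resolves can still be an old binary that sits earlier on PATH. As an added example (not part of the original post), this script lists every git on PATH with its version and flags any older than 2.19.1; the function names and the OK/OLD output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): list every git on PATH and
# flag any older than the 2.19.1 target named in the post.
TARGET="2.19.1"

# "git version 2.19.1.windows.1" -> 2.19.1 ; "git version 1.8.3.1" -> 1.8.3.1
parse_git_version() {
    printf '%s\n' "$1" | sed -n 's/^git version \([0-9][0-9.]*[0-9]\).*/\1/p'
}

# Succeeds (status 0) when dotted version $1 is strictly older than $2.
# Fields are compared numerically, so 1.8.3.1 < 2.19.1 and 2.9 < 2.19.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# $1 is a PATH-style list. Prints "OK|OLD <binary> <version>" in lookup
# order (the first line is the git the shell actually runs) and returns 1
# if any binary is older than TARGET.
audit_git_on_path() {
    rc=0 old_ifs=$IFS
    IFS=:
    for dir in $1; do
        bin="${dir:-.}/git"
        [ -x "$bin" ] && [ ! -d "$bin" ] || continue
        ver=$(parse_git_version "$("$bin" --version 2>/dev/null)")
        [ -n "$ver" ] || continue
        if version_lt "$ver" "$TARGET"; then
            echo "OLD $bin $ver"; rc=1
        else
            echo "OK $bin $ver"
        fi
    done
    IFS=$old_ifs
    return $rc
}

audit_git_on_path "$PATH" || echo "a git older than $TARGET is still on PATH" >&2
```

On RHEL 7, where /bin is a symlink to /usr/bin, the same binary can appear under both directories in the output.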