SCIENTIFIC-LINUX-ERRATA Archives

August 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: git on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Thu, 17 Aug 2017 13:42:56 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (38 lines) 
Synopsis:          Important: git security update
Advisory ID:       SLSA-2017:2485-1
Issue Date:        2017-08-17
CVE Numbers:       CVE-2017-1000117
--

Security Fix(es):

* A shell command injection flaw related to the handling of "ssh" URLs has
been discovered in Git. An attacker could use this flaw to execute shell
commands with the privileges of the user running the Git client, for
example, when performing a "clone" action on a malicious repository or a
legitimate repository containing a malicious commit. (CVE-2017-1000117)
--

SL6
  x86_64
    git-1.7.1-9.el6_9.x86_64.rpm
    git-daemon-1.7.1-9.el6_9.x86_64.rpm
    git-debuginfo-1.7.1-9.el6_9.x86_64.rpm
  i386
    git-1.7.1-9.el6_9.i686.rpm
    git-daemon-1.7.1-9.el6_9.i686.rpm
    git-debuginfo-1.7.1-9.el6_9.i686.rpm
  noarch
    emacs-git-1.7.1-9.el6_9.noarch.rpm
    emacs-git-el-1.7.1-9.el6_9.noarch.rpm
    git-all-1.7.1-9.el6_9.noarch.rpm
    git-cvs-1.7.1-9.el6_9.noarch.rpm
    git-email-1.7.1-9.el6_9.noarch.rpm
    git-gui-1.7.1-9.el6_9.noarch.rpm
    git-svn-1.7.1-9.el6_9.noarch.rpm
    gitk-1.7.1-9.el6_9.noarch.rpm
    gitweb-1.7.1-9.el6_9.noarch.rpm
    perl-Git-1.7.1-9.el6_9.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2