Advisories » MGASA-2017-0153

Updated git packages fix security vulnerability

Publication date: 03 Jun 2017
Modification date: 03 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-8386

Description

Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted
login shell for Git-only SSH access, allows a user to run an interactive
pager by causing it to spawn "git upload-pack --help" (CVE-2017-8386).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20827
• https://www.debian.org/security/2017/dsa-3848
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8386

SRPMS

5/core

• git-2.7.4-1.1.mga5