Advisories ยป MGASA-2017-0404

Updated git packages fix security vulnerability

Publication date: 07 Nov 2017
Modification date: 07 Nov 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-14867

Description

The `git` subcommand `cvsserver` is a Perl script which makes excessive
use of the backtick operator to invoke `git`. Unfortunately user input
is used within some of those invocations, which can be a OS Command
Injection vulnerability (CVE-2017-14867).
                

References

SRPMS

6/core