Advisories ยป MGASA-2017-0266

Updated git packages fix security vulnerability

Publication date: 13 Aug 2017
Modification date: 13 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-1000117

Description

Joern Schneeweisz discovered that git, a distributed revision control
system, did not correctly handle maliciously constructed ssh:// URLs.
This allowed an attacker to run an arbitrary shell command, for instance
via git submodules (CVE-2017-1000117).
                

References

SRPMS

5/core

6/core