Updated git packages fix security vulnerability
Publication date: 13 Aug 2017Modification date: 13 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-1000117
Description
Joern Schneeweisz discovered that git, a distributed revision control
system, did not correctly handle maliciously constructed ssh:// URLs.
This allowed an attacker to run an arbitrary shell command, for instance
via git submodules (CVE-2017-1000117).
References
- https://bugs.mageia.org/show_bug.cgi?id=21503
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.5.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.6.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.13.4.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.13.5.txt
- https://www.debian.org/security/2017/dsa-3934
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117
SRPMS
5/core
- git-2.7.6-1.mga5
6/core
- git-2.13.5-1.mga6