Advisories » MGASA-2017-0404

Updated git packages fix security vulnerability

Publication date: 07 Nov 2017
Modification date: 07 Nov 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-14867

Description

The `git` subcommand `cvsserver` is a Perl script which makes excessive
use of the backtick operator to invoke `git`. Unfortunately user input
is used within some of those invocations, which can be a OS Command
Injection vulnerability (CVE-2017-14867).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21774
• http://openwall.com/lists/oss-security/2017/09/26/9
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14867

SRPMS

6/core

• git-2.13.6-1.mga6