Advisories » MGASA-2018-0445

Updated python-dulwich packages fix security vulnerability

Publication date: 11 Nov 2018
Modification date: 11 Nov 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-16228

Description

Dulwich, when an SSH subprocess is used, allowed remote attackers to
execute arbitrary commands via an ssh URL with an initial dash character
in the hostname (CVE-2017-16228).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23346
• https://lists.opensuse.org/opensuse-updates/2018-08/msg00028.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16228

SRPMS

6/core

• python-dulwich-0.12.0-1.2.mga6