drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Git
Name: |
Ausführen beliebiger Kommandos in Git |
|
ID: |
DSA-3934-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie, Debian stretch |
|
Datum: |
Do, 10. August 2017, 23:57 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117 |
|
Applikationen: |
Git |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3934-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond August 10, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : git CVE ID : CVE-2017-1000117
Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules.
For the oldstable distribution (jessie), this problem has been fixed in version 1:2.1.4-2.1+deb8u4.
For the stable distribution (stretch), this problem has been fixed in version 1:2.11.0-3+deb9u1.
We recommend that you upgrade your git packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlmMrNUACgkQEL6Jg/PV nWRICwgAlwokEXk2KcCA2aT8lnNlKjM2Ur97JlCB0Ceyu3l+wFfeTeRAN3wRBZAg UNbeElPoCkpLJGiqiSIz7E1EOn5GmMUGoCqy2HWrDvYAKaMvkvWUOHtBaq3nvrGg HsLGc3g70zf2Egv06R94jBisktqn847OAs9FMKz6mrnxZsRCGQPIe57+GYHC3dH9 bTGnwEYiBI5gkQV4uIheVGxKBup9CB5CXQWx9suzG5YRNXLpp1PIBSOaqM4Tstam Kk1yXM1qVlZ6tKwCMsIJJ7aBs5AEt1cYLQqxjr917zoACwiGOuAiAvJZs+Mlsb2Y aAc1b/mWIMC3oB6hxl1Lsr6V2/4M4Q== =VNzk -----END PGP SIGNATURE-----
|
|
|
|