Security: Execution of arbitrary commands in Git
Name: Execution of arbitrary commands in Git
ID: USN-3243-1
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS
Date: Thu, 23 March 2017, 14:45
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9938
Applications: Git

Original message

From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <5666f477-603f-fa41-e26b-7c3f44a465cf@canonical.com>
Subject: [USN-3243-1] Git vulnerability


==========================================================================
Ubuntu Security Notice USN-3243-1
March 23, 2017

git vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Git could be made to run programs as your login if it explored a specially
crafted repository.

Software Description:
- git: fast, scalable, distributed revision control system

Details:

It was discovered that Git incorrectly sanitized branch names in the PS1
variable when configured to display the repository status in the shell
prompt. If a user were tricked into exploring a malicious repository, a
remote attacker could use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
git 1:1.9.1-1ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3243-1
CVE-2014-9938

Package Information:
https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.4
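
One way to check an untrusted checkout for the kind of branch name described under "Details" before entering it with a status prompt enabled, as an added example that is not part of the advisory or of Git's own code. The function names are hypothetical; it assumes a regular `.git` directory and flags `$` and backtick, the characters bash expands when it evaluates PS1.

```shell
#!/bin/sh
# Added example (hypothetical helper names): report ref names in a checkout
# that contain '$' or a backtick, the characters bash expands when it
# evaluates PS1. Reads the files under .git directly, so neither git nor a
# prompt helper runs. Assumes .git is a regular directory.

# risky_name NAME: succeed if NAME contains '$' or a backtick.
risky_name() {
    case $1 in
        *'$'*|*'`'*) return 0 ;;
        *) return 1 ;;
    esac
}

# list_refs GITDIR: print HEAD's target and every loose and packed ref name.
list_refs() {
    # HEAD reads "ref: refs/heads/<branch>" while a branch is checked out.
    if [ -f "$1/HEAD" ]; then
        sed -n 's/^ref: //p' "$1/HEAD"
    fi
    # Loose refs are stored as one file per ref below refs/.
    if [ -d "$1/refs" ]; then
        (cd "$1" && find refs -type f)
    fi
    # packed-refs lines are "<hash> <refname>"; comment and "^" lines are skipped.
    if [ -f "$1/packed-refs" ]; then
        sed -n 's/^[0-9a-f][0-9a-f]* //p' "$1/packed-refs"
    fi
}

# scan_repo REPO: print each risky ref name once; return 1 if any was found.
scan_repo() {
    hits=$(list_refs "$1/.git" | sort -u | while IFS= read -r name; do
        if risky_name "$name"; then
            printf '%s\n' "$name"
        fi
    done)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Run as a script: scan the directory given as the first argument.
if [ "$#" -gt 0 ]; then
    scan_repo "$1"
fi
```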


