drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Git
Name: |
Ausführen beliebiger Kommandos in Git |
|
ID: |
USN-3791-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS |
|
Datum: |
Fr, 12. Oktober 2018, 07:12 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456 |
|
Applikationen: |
Git |
|
Originalnachricht |
--===============6665396494988034544== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="hQiwHBbRI9kgIhsi" Content-Disposition: inline
--hQiwHBbRI9kgIhsi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3791-1 October 12, 2018
git vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Git could be made to run programs as your login if it recursively opened a malicious git repository.
Software Description: - git: fast, scalable, distributed revision control system
Details:
It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: git 1:2.17.1-1ubuntu0.3
Ubuntu 16.04 LTS: git 1:2.7.4-0ubuntu1.5
Ubuntu 14.04 LTS: git 1:1.9.1-1ubuntu0.9
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3791-1 CVE-2018-17456
Package Information: https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.3 https://launchpad.net/ubuntu/+source/git/1:2.7.4-0ubuntu1.5 https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.9
--hQiwHBbRI9kgIhsi Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlu/9fQACgkQLwmejQBe gfR8XQ/+PW3SKspVa+3CCIslyO760587cJaYDxn8XaDlMER2jxBnI3DSXV+JlapP TqYUTF2oUw4od5qqDEvzzrxXpd8S9u8IWxKUQgJAzQgnMlGhT6d+saFSZkKOcScd MMM63GiEG3M6hioe61pHEw/ltX3NJgrncvKC1wP6jM2hvvV0YbFqcuoMUEhUJVcv lH/XGFnjZhIAwf9ticZC92nvgVtPmS3UOEtLEa6Z7AE8e1szkO26FpLYjAHMYO90 4lkqj8EHLb8GlU3nZSSwqfGOTPvsnW/lMECs0WWC3JZ0PaWPZNXiCnNJ2JmXCeJs TFKL5lpDN6CXNAsf+MHsbFTVefgbbjhbdESt90MwmJnbRuVSLNQsDltRY+7vnw5c tuirsRk+HYXNbiivhcbKlcpERDB7E9YmL+AijQO/3gie+92jFDs0m482ufJk9oWP nsPdiL+PStuqzKo8W8AdIqyqbxUVDSdadrVXuxN3TzMEp/0LTekZO4077gvU9wZr qgDG/NqOhCZ6lmGLHXmYUIPKM9bTFuAReW4dZz22d7dHM39gr6ymUtYU+IA7nfim SYEd5tQ8Lk+8J/kuex+kyhbXO9qfxJg2GsWtaHt6qCXWsWvP3lkYV4EfFpiJNBeL QO8tPD0vB9RW5/edHx2f3r66gZRX1RoL3q8I10qTAVfRMg2I6Rc= =q5LD -----END PGP SIGNATURE-----
--hQiwHBbRI9kgIhsi--
--===============6665396494988034544== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|