Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in Git
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Git
ID: USN-3791-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
Datum: Fr, 12. Oktober 2018, 07:12
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456
Applikationen: Git

Originalnachricht


--===============6665396494988034544==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="hQiwHBbRI9kgIhsi"
Content-Disposition: inline


--hQiwHBbRI9kgIhsi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-3791-1
October 12, 2018

git vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Git could be made to run programs as your login if it recursively
opened a malicious git repository.

Software Description:
- git: fast, scalable, distributed revision control system

Details:

It was discovered that git did not properly validate git submodule
urls or paths. A remote attacker could possibly use this to craft a
git repository that causes arbitrary code execution when recursive
operations are used.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
git 1:2.17.1-1ubuntu0.3

Ubuntu 16.04 LTS:
git 1:2.7.4-0ubuntu1.5

Ubuntu 14.04 LTS:
git 1:1.9.1-1ubuntu0.9

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3791-1
CVE-2018-17456

Package Information:
https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.3
https://launchpad.net/ubuntu/+source/git/1:2.7.4-0ubuntu1.5
https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.9


--hQiwHBbRI9kgIhsi
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlu/9fQACgkQLwmejQBe
gfR8XQ/+PW3SKspVa+3CCIslyO760587cJaYDxn8XaDlMER2jxBnI3DSXV+JlapP
TqYUTF2oUw4od5qqDEvzzrxXpd8S9u8IWxKUQgJAzQgnMlGhT6d+saFSZkKOcScd
MMM63GiEG3M6hioe61pHEw/ltX3NJgrncvKC1wP6jM2hvvV0YbFqcuoMUEhUJVcv
lH/XGFnjZhIAwf9ticZC92nvgVtPmS3UOEtLEa6Z7AE8e1szkO26FpLYjAHMYO90
4lkqj8EHLb8GlU3nZSSwqfGOTPvsnW/lMECs0WWC3JZ0PaWPZNXiCnNJ2JmXCeJs
TFKL5lpDN6CXNAsf+MHsbFTVefgbbjhbdESt90MwmJnbRuVSLNQsDltRY+7vnw5c
tuirsRk+HYXNbiivhcbKlcpERDB7E9YmL+AijQO/3gie+92jFDs0m482ufJk9oWP
nsPdiL+PStuqzKo8W8AdIqyqbxUVDSdadrVXuxN3TzMEp/0LTekZO4077gvU9wZr
qgDG/NqOhCZ6lmGLHXmYUIPKM9bTFuAReW4dZz22d7dHM39gr6ymUtYU+IA7nfim
SYEd5tQ8Lk+8J/kuex+kyhbXO9qfxJg2GsWtaHt6qCXWsWvP3lkYV4EfFpiJNBeL
QO8tPD0vB9RW5/edHx2f3r66gZRX1RoL3q8I10qTAVfRMg2I6Rc=
=q5LD
-----END PGP SIGNATURE-----

--hQiwHBbRI9kgIhsi--


--===============6665396494988034544==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung