drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Git
Name: |
Ausführen beliebiger Kommandos in Git |
|
ID: |
USN-5076-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 16.04 ESM |
|
Datum: |
Di, 14. September 2021, 07:29 |
|
Referenzen: |
https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40330
https://ubuntu.com/security/notices/USN-5076-1
https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.9 |
|
Applikationen: |
Git |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3315175638461334522== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="WP9mIKukByuH48U0cbxdQhePjsdaEacs0"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --WP9mIKukByuH48U0cbxdQhePjsdaEacs0 Content-Type: multipart/mixed; boundary="K5uu9rHa0sTxw75AxHqyF8OEJTN8bjHGO"; protected-headers="v1" From: Spyros Seimenis <spyros.seimenis@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <5d2fe1aa-716b-fa46-e945-38db8ac11923@canonical.com> Subject: [USN-5076-1] Git vulnerability
--K5uu9rHa0sTxw75AxHqyF8OEJTN8bjHGO Content-Type: text/plain; charset=utf-8; format=flowe Content-Transfer-Encoding: quoted-printable Content-Language: en-US
========================================================================== Ubuntu Security Notice USN-5076-1 September 13, 2021
git vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM
Summary:
Git incorrectly handled certain repository paths.
Software Description: - git: fast, scalable, distributed revision control system
Details:
It was discovered that Git allowed newline characters in certain repository paths. An attacker could potentially use this issue to perform cross-protocol requests.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: git 1:2.25.1-1ubuntu3.2
Ubuntu 18.04 LTS: git 1:2.17.1-1ubuntu0.9
Ubuntu 16.04 ESM: git 1:2.7.4-0ubuntu1.10+esm1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5076-1 CVE-2021-40330
Package Information: https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.2 https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.9
--K5uu9rHa0sTxw75AxHqyF8OEJTN8bjHGO--
--WP9mIKukByuH48U0cbxdQhePjsdaEacs0 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEE7RuHJXHViR7WJKbsGvpV6qjR/CAFAmE/ay0FAwAAAAAACgkQGvpV6qjR/CBy +w//b+L5t1WAMiYCiXmjrYIIV9RboNuf9ycRd1ppte3k0jV/NkBBLvUfG1ajQKzHparhe6yEmceX 51B9JsnH2DJ4S+uzDYmRCMYZddKQCdDv1heeCm0XannHYVBV6sp1MFweOtAK6Zb8BucUKtADZLaA jwExRKwEmR3vxfbWyyfF7xH5El9ssWeI6sv4VyEREE1i6iL3irG3v0eZHDJwLQ8e1HhiNpOPQyDa bymm4icwD+EVOlaOWDCKdmoplesIF7n/n4N7y7TkqFoObwRDHIUEiq7Rs00h+AhuEnke9l8cmWiH 1GKX5AmMMDIaqLjJwdF90ekGmN8brGhomZRImAGkiwXgSVLvZy0VwcQGUyQtrsVDISK+u4w4AB1F A4g/phzHjD5Lm+1OpZLfPlgicuzGc8HBzEf5SAEAhplsXdBjzO6kypLd9CzW1ppI+krr9C2yw7M8 h2mGRfUIuGBP0XOPKXc9yxFNzAyFgpkvrgzWxknNT6q8DKujuuzPYc114h+LFrtR/UjC6RZUvWun 5WByvuzpZvtu4ndyXgDXuz00QUf/+PygaVBDGBxwZGVI4uDmlr6I/i/1sVM1IW9qnPu0M4Oql4X+ W/Ym9lTR1TJ74y+/zwVXKjcMCTa6p/dqWeHyWMdU+2IZpGdkcD4mZiG0c4KO3paDluv1aSyKaDaZ DQ0= =S4cG -----END PGP SIGNATURE-----
--WP9mIKukByuH48U0cbxdQhePjsdaEacs0--
--===============3315175638461334522== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============3315175638461334522==--
|
|
|
|