Lucene search
AmazonALAS-2018-1093HistoryOct 17, 2018 - 10:02 p.m.
Important: git
2018-10-1722:02:00
alas.aws.amazon.com
558
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.161 Low
EPSS
Percentile
95.9%
Issue Overview:
Git before 2.14.5, allows remote code execution during processing of a recursive “git clone” of a superproject if a .gitmodules file has a URL field beginning with a ‘-’ character.(CVE-2018-17456)
Affected Packages:
git
Issue Correction:
Run yum update git to update your system.
New Packages:
i686:
git-debuginfo-2.14.5-1.59.amzn1.i686
git-svn-2.14.5-1.59.amzn1.i686
git-daemon-2.14.5-1.59.amzn1.i686
git-2.14.5-1.59.amzn1.i686
noarch:
git-p4-2.14.5-1.59.amzn1.noarch
git-email-2.14.5-1.59.amzn1.noarch
perl-Git-SVN-2.14.5-1.59.amzn1.noarch
git-hg-2.14.5-1.59.amzn1.noarch
emacs-git-2.14.5-1.59.amzn1.noarch
emacs-git-el-2.14.5-1.59.amzn1.noarch
git-all-2.14.5-1.59.amzn1.noarch
perl-Git-2.14.5-1.59.amzn1.noarch
git-bzr-2.14.5-1.59.amzn1.noarch
git-cvs-2.14.5-1.59.amzn1.noarch
gitweb-2.14.5-1.59.amzn1.noarch
src:
git-2.14.5-1.59.amzn1.src
x86_64:
git-daemon-2.14.5-1.59.amzn1.x86_64
git-svn-2.14.5-1.59.amzn1.x86_64
git-2.14.5-1.59.amzn1.x86_64
git-debuginfo-2.14.5-1.59.amzn1.x86_64
Additional References
Red Hat: CVE-2018-17456
Mitre: CVE-2018-17456
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | git-debuginfo | < 2.14.5-1.59.amzn1 | git-debuginfo-2.14.5-1.59.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | git-svn | < 2.14.5-1.59.amzn1 | git-svn-2.14.5-1.59.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | git-daemon | < 2.14.5-1.59.amzn1 | git-daemon-2.14.5-1.59.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | git | < 2.14.5-1.59.amzn1 | git-2.14.5-1.59.amzn1.i686.rpm |
| Amazon Linux | 1 | noarch | git-p4 | < 2.14.5-1.59.amzn1 | git-p4-2.14.5-1.59.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | git-email | < 2.14.5-1.59.amzn1 | git-email-2.14.5-1.59.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | perl-git-svn | < 2.14.5-1.59.amzn1 | perl-Git-SVN-2.14.5-1.59.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | git-hg | < 2.14.5-1.59.amzn1 | git-hg-2.14.5-1.59.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | emacs-git | < 2.14.5-1.59.amzn1 | emacs-git-2.14.5-1.59.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | emacs-git-el | < 2.14.5-1.59.amzn1 | emacs-git-el-2.14.5-1.59.amzn1.noarch.rpm |
Related
atlassian
atlassian
nessus
nessus
Oracle Linux 6 : git (ELSA-2020-0316)
2020-02-04 00:00:00
SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2018:3150-1)
2019-01-02 00:00:00
EulerOS Virtualization 2.5.3 : git (EulerOS-SA-2019-1183)
2019-04-09 00:00:00
prion
prion
Remote code execution
2018-10-06 14:29:00
osv
osv
git - security update
2018-10-05 00:00:00
CVE-2018-17456
2018-10-06 14:29:00
git - security update
2018-10-05 00:00:00
suse
suse
Security update for git (important)
2018-10-17 06:09:56
Security update for libgit2 (important)
2018-12-08 15:09:50
Security update for git (important)
2018-10-12 12:11:54
packetstorm
packetstorm
Malicious Git HTTP Server
2018-11-15 00:00:00
Git Submodule Arbitrary Code Execution
2018-10-08 00:00:00
Git Submodule Arbitrary Code Execution
2018-10-17 00:00:00
ubuntucve
ubuntucve
CVE-2018-17456
2018-10-06 00:00:00
mageia
mageia
Updated git packages fix security vulnerability
2018-10-14 03:58:33
centos
centos
emacs, git, gitk, gitweb, perl security update
2018-11-20 23:41:54
emacs, git, gitk, gitweb, perl security update
2020-02-03 17:18:41
openvas
openvas
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-2389)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-1291)
2020-01-23 00:00:00
CentOS: Security Advisory for emacs-git (CESA-2020:0316)
2020-02-04 00:00:00
exploitpack
exploitpack
Git Submodule - Arbitrary Code Execution (PoC)
2018-10-05 00:00:00
Git Submodule - Arbitrary Code Execution
2018-10-16 00:00:00
zdt
zdt
Git Submodule - Arbitrary Code Execution Vulnerability
2018-10-09 00:00:00
debian
debian
[SECURITY] [DSA 4311-1] git security update
2018-10-05 19:29:29
[SECURITY] [DSA 4311-1] git security update
2018-10-05 19:29:29
redhat
redhat
(RHSA-2018:3541) Important: rh-git29-git security update
2018-11-12 10:58:59
(RHSA-2020:0316) Important: git security update
2020-02-03 08:18:58
(RHSA-2018:3408) Important: git security update
2018-10-30 14:56:57
freebsd
freebsd
Libgit2 -- multiple vulnerabilities
2018-10-05 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:25:29
altlinux
altlinux
Security fix for the ALT Linux 10 package git version 2.17.2-alt1
2018-09-27 00:00:00
Security fix for the ALT Linux 8 package git version 2.17.2-alt1
2018-09-27 00:00:00
metasploit
metasploit
Malicious Git HTTP Server For CVE-2018-17456
2018-10-18 03:02:28
alpinelinux
alpinelinux
CVE-2018-17456
2018-10-06 14:29:00
cve
cve
CVE-2018-17456
2018-10-06 14:29:00
amazon
amazon
Important: git
2018-10-24 16:31:00
checkpoint_advisories
checkpoint_advisories
Git Submodule Remote Code Execution (CVE-2018-17456)
2020-03-01 00:00:00
oraclelinux
oraclelinux
git security update
2018-11-09 00:00:00
git security update
2020-02-03 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: libgit2-0.27.5-1.fc29
2018-10-09 00:08:31
[SECURITY] Fedora 29 Update: git-2.19.1-1.fc29
2018-10-09 00:08:13
[SECURITY] Fedora 28 Update: git-2.17.2-1.fc28
2018-10-10 22:47:45
ibm
ibm
cloudfoundry
cloudfoundry
USN-3791-1: Git vulnerability | Cloud Foundry
2018-10-15 00:00:00
archlinux
archlinux
[ASA-201810-7] git: arbitrary code execution
2018-10-09 00:00:00
redhatcve
redhatcve
CVE-2018-17456
2018-10-05 21:49:09
ubuntu
ubuntu
Git vulnerability
2018-10-12 00:00:00
debiancve
debiancve
CVE-2018-17456
2018-10-06 14:29:00
slackware
slackware
[slackware-security] git
2018-10-11 00:35:23
exploitdb
exploitdb
Git Submodule - Arbitrary Code Execution (PoC)
2018-10-05 00:00:00
Git Submodule - Arbitrary Code Execution
2018-10-16 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-2.0-0185
2019-11-01 00:00:00
Critical Photon OS Security Update - PHSA-2019-0185
2019-11-01 00:00:00
Critical Photon OS Security Update - PHSA-2019-0036
2019-10-23 00:00:00
kitploit
kitploit
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.161 Low
EPSS
Percentile
95.9%
Related for ALAS-2018-1093