11 matches found
kyber-k8s (>=0.0.0 <=0.8.0rc2) potentially affected by CVE-2017-16228 via dulwich (=0.16.3)
dulwich PYPI version =0.16.3 is affected by a known vulnerability. The following packages have a transitive dependency on dulwich and may be impacted: - kyber-k8s =0.0.0, =0.8.0rc2 Source cves: CVE-2017-16228 Source advisory: OSV:GHSA-CWWH-4382-6FWR...
Updated python-dulwich packages fix security vulnerability
Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname CVE-2017-16228...
openSUSE Security Update : python-dulwich (openSUSE-2018-801)
This update for python-dulwich to version 0.18.5 fixes this security issue : - CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname bsc1066430. For detailed changes please see...
Security update for python-dulwich (moderate)
This update for python-dulwich to version 0.18.5 fixes this security issue: - CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname bsc1066430. For detailed changes please see...
SUSE-SU-2018:2047-1 Security update for python-dulwich
This update for python-dulwich to version 0.18.5 fixes this security issue: - CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname bsc1066430. For detailed changes please see...
Fedora 27 : python-dulwich (2017-5dd9b12179)
Update to 0.18.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
Fedora Update for python-dulwich FEDORA-2017-5dd9b12179
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...
Design/Logic Flaw
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...
CVE-2017-16228
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...
CVE-2017-16228
Summary (CVE-2017-16228) : Dulwich up to version 0.18.5 is vulnerable when an SSH subprocess is used and an ssh URL with an initial dash in the hostname is processed, allowing remote command execution. The issue stems from inadequate validation of ssh URLs, enabling an attacker-controlled hostnam...