
15 matches found

Tenable Nessus
added 2018/01/15 12:0 a.m. | 15 views

Fedora 27 : git (2017-655f0d38c3)

These releases are about hardening git shell that is used on servers against an unsafe user input, which git cvsserver copes with poorly. From the release notes : - 'git cvsserver' no longer is invoked by 'git shell' by default, as it is old and largely unmaintained. - Various Perl scripts did no...

AI score: 5.5
Exploits: 0 | References: 3
Mageia
added 2017/11/07 1:49 p.m. | 31 views

Updated git packages fix security vulnerability

The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations, which can be an OS Command Injection vulnerability (CVE-2017-14867)...

CVSS: 9 | AI score: 1.7 | EPSS: 0.06534
Exploits: 0 | References: 2
Tenable Nessus
added 2017/10/18 12:0 a.m. | 14 views

Fedora 25 : git (2017-66aa5d1d33)

These releases are about hardening git shell that is used on servers against an unsafe user input, which git cvsserver copes with poorly. From the release notes : - 'git cvsserver' no longer is invoked by 'git shell' by default, as it is old and largely unmaintained. - Various Perl scripts did no...

AI score: 5.5
Exploits: 0 | References: 3
Cloud Foundry
added 2017/10/06 12:0 a.m. | 42 views

USN-3438-1: Git vulnerability | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell metacharacters in modules names to execute arbitrary code...

CVSS: 9 | AI score: 8.9 | EPSS: 0.06534
Exploits: 0
Tenable Nessus
added 2017/10/06 12:0 a.m. | 33 views

Ubuntu 14.04 LTS / 16.04 LTS : Git vulnerability (USN-3438-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3438-1 advisory. It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell...

CVSS: 9 | AI score: 8.2 | EPSS: 0.06534
Exploits: 0 | References: 2
OSV
added 2017/10/05 11:59 a.m. | 2 views

USN-3438-1 git vulnerability

It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell metacharacters in modules names to execute arbitrary code. This update also removes the cvsserver subcommand from git-shell by default...

CVSS: 9 | AI score: 7.4 | EPSS: 0.06534
Exploits: 0 | References: 2
Ubuntu
added 2017/10/05 11:59 a.m. | 62 views

USN-3438-1: Git vulnerability

It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell metacharacters in modules names to execute arbitrary code. This update also removes the cvsserver subcommand from git-shell by default...

CVSS: 9 | AI score: 8.1 | EPSS: 0.06534
Exploits: 0
Tenable Nessus
added 2017/10/03 12:0 a.m. | 31 views

Debian DLA-1120-1 : git security update

joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support ha...

CVSS: 9 | AI score: 7.5 | EPSS: 0.06534
Exploits: 0 | References: 3
Tenable Nessus
added 2017/10/03 12:0 a.m. | 19 views

openSUSE Security Update : git (openSUSE-2017-1115)

This update for git to version 2.13.6 fixes the following issues: - CVE-2017-14867: Various Perl scripts did not use safe_pipe_capture instead of backticks, leaving them susceptible to end-user input (boo#1061041). As an additional measure, 'git cvsserver' no longer is invoked by 'git daemon' by...

CVSS: 9 | AI score: 7.5 | EPSS: 0.06534
Exploits: 0 | References: 2
Debian
added 2017/10/02 9:20 p.m. | 37 views

[SECURITY] [DLA 1120-1] git security update

Package: git. Version: 1:1.7.10.4-1+wheezy6. CVE ID: CVE-2017-14867. Debian Bug: 876854. joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The...

CVSS: 9 | AI score: 7.1 | EPSS: 0.06534
Exploits: 0
Tenable Nessus
added 2017/09/29 12:0 a.m. | 18 views

Fedora 26 : git (2017-9b35152c83)

These releases are about hardening git shell that is used on servers against an unsafe user input, which git cvsserver copes with poorly. From the release notes : - 'git cvsserver' no longer is invoked by 'git shell' by default, as it is old and largely unmaintained. - Various Perl scripts did no...

AI score: 5.5
Exploits: 0 | References: 3
0day.today
added 2017/09/28 12:0 a.m. | 30 views

Git cvsserver Remote Command Execution Vulnerability

The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations and it allows for OS command injection. Versions before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 are affected...

AI score: 7.4
Exploits: 0
Packet Storm
added 2017/09/28 12:0 a.m. | 39 views

Git cvsserver Remote Command Execution

Phenoelit Advisory. Authors: joernchen, Phenoelit Group, http://www.phenoelit.de. Affected Products: Git before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 git-cvsserver https://git-scm.com. Vendor communication: 2017-09-08 Sent vulnerability details to the git-security list; 2017-09-09 Acknowledgement of t...

AI score: 7.4
Exploits: 0
Tenable Nessus
added 2017/09/27 12:0 a.m. | 34 views

Debian DSA-3984-1 : git - security update

joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support ha...

CVSS: 9 | AI score: 7.4 | EPSS: 0.06534
Exploits: 0 | References: 5
Debian
added 2017/09/26 7:50 p.m. | 16 views

[SECURITY] [DSA 3984-1] git security update

Debian Security Advisory DSA-3984-1 [email protected] https://www.debian.org/security/ Florian Weimer September 26, 2017 https://www.debian.org/security/faq -...

AI score: 6.7
Exploits: 0