DLA-1533-1 git - security update
Bulletin has no description...
git security update
1.8.3.1-14 - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1...
Fedora 27 : git (2018-080a3d7866)
Upstream security fixes related to .gitmodules handling. From the upstream announcement : - Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GITDIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. ...
DSA-4212-1 git - security update
Bulletin has no description...
Fedora 27 : git (2017-2c7ddf53d3)
Previous versions of git mishandled layers of tree objects, which allowed remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attem...
Fedora 25 : git (2017-cdfd888e2e)
Previous versions of git mishandled layers of tree objects, which allowed remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attem...
Debian DLA-1068-1 : git security update
Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules. For Debian 7 'Wheezy', these problems have been fixed in version...
git security update
1.7.1-9 - prevent command injection via malicious ssh URLs Resolves: CVE-2017-1000117...
SSH command injection vulnerability (CVE-2017-1000117) analysis - vulnerability warning - the black bar safety net
0x01 Vulnerability overview: A malicious person can craft an “ssh://...” link and get the victim to access that link while running a program, thereby achieving command execution. The links can be placed in the git project...
openSUSE Security Update : git (openSUSE-2017-624)
This update for git fixes the following issues : - git 2.12.3 : - CVE-2017-8386: Fix git-shell not to escape with the starting dash name bsc1038395 - Fix for potential segv introduced in v2.11.0 and later - Misc fixes and cleanups. - git 2.12.2 : - CLI output fixes - 'Dump http' transport fixes -...
SUSE-SU-2017:1357-1 Security update for git
This update for git fixes the following issues: - git 2.12.3: CVE-2017-8386: Fix git-shell not to escape with the starting dash name bsc1038395 Fix for potential segv introduced in v2.11.0 and later Misc fixes and cleanups. - git 2.12.2: CLI output fixes 'Dump http' transport fixes various fixes...
[SECURITY] [DLA 938-1] git security update
Package : git Version : 1:1.7.10.4-1+wheezy4 CVE ID : CVE-2017-8386 Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help". For Debian 7 "Wheezy", these...
Important: git
Issue Overview: An integer truncation flaw (CVE-2016-2315) and an integer overflow flaw (CVE-2016-2324), both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git...
CentOS 6 / 7 : git (CESA-2016:0496)
Updated git packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available f...
RHEL 6 / 7 : git (RHSA-2016:0496)
Updated git packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available f...
SUSE-SU-2016:0796-1 Security update for git
This update for git fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code (CVE-2016-2315, CVE-2016-2324, bsc971328)...