Updated git packages fix security vulnerability
The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations, which can be an OS Command Injection vulnerability (CVE-2017-14867)...
MGASA-2017-0404 Updated git packages fix security vulnerability
The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations, which can be an OS Command Injection vulnerability (CVE-2017-14867)...
CVE-2017-15298
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to...
CloudBees Jenkins Git Client Plugin Information Disclosure Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Git...
CVE-2017-1000242
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...
The vulnerability of the distributed Git version control system, related to insufficient validation of input data, allows a hacker to execute arbitrary operating system commands.
The vulnerability of the distributed Git version control system is related to the use of insecure Perl scripts for supporting subcommands such as cvsserver. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands on behalf of the git user remotely...
Medium: golang
Issue Overview: Arbitrary code execution during go get or go get -d: Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points ...
Information disclosure
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...
CVE-2017-1000242
CVE-2017-1000242 affects Jenkins Git Client Plugin 2.4.2 and earlier, where temporary files are created with insecure permissions, enabling information disclosure. The known impact is information leakage due to insecure file permissions; exploitation details are not provided in the available docu...
EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1266)
According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support...
EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1265)
According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support...
Debian DSA-4010-1 : git-annex - security update
It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command.
[SECURITY] [DSA 4010-1] git-annex security update
Debian Security Advisory DSA-4010-1 (https://www.debian.org/security/), Sebastien Delafond, October 30, 2017 (https://www.debian.org/security/faq)...
DSA-4010-1 git-annex - security update
Bulletin has no description...
Debian DLA-1144-1 : git-annex security update
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. For Debian 7...
Debian: Security Advisory (DSA-4010-1)
The remote host is missing an update for the Debian...