
10046 matches found

NVD
added 2017/08/20 8:29 p.m. | 26 views

CVE-2017-12976

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...

CVSS 8.8 | AI score 8.7 | EPSS 0.00274
Exploits: 11 | References: 5

OSV
added 2017/08/20 8:29 p.m. | 0 views

UBUNTU-CVE-2017-12976

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...

CVSS 8.8 | AI score 7.6 | EPSS 0.00274
Exploits: 11 | References: 5

OSV
added 2017/08/20 8:29 p.m. | 1 views

DEBIAN-CVE-2017-12976

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...

CVSS 8.8 | AI score 9 | EPSS 0.00274
Exploits: 11 | References: 1

OSV
added 2017/08/20 8:29 p.m. | 8 views

CVE-2017-12976

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...

CVSS 8.8 | AI score 9.1
Exploits: 0 | References: 5

Debian CVE
added 2017/08/20 8:0 p.m. | 37 views

CVE-2017-12976

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...

CVSS 8.8 | AI score 9 | EPSS 0.00274
Exploits: 11

Cvelist
added 2017/08/20 8:0 p.m. | 35 views

CVE-2017-12976

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...

AI score 8.9 | EPSS 0.00274
Exploits: 11 | References: 5

CVE
added 2017/08/20 8:0 p.m. | 82 views

CVE-2017-12976

The CVE-2017-12976 issue affects git-annex prior to version 6.20170818, where an ssh URL with a hostname starting with a dash (for example ssh://-eProxyCommand=) can lead to remote command execution. Root cause: simplistic parsing of ssh URLs allows injection through the hostname. Impact is remot...

CVSS 8.8 | AI score 9.2 | EPSS 0.00274
Exploits: 11 | References: 5 | Affected Software: 1

Positive Technologies
added 2017/08/20 12:0 a.m. | 2 views

PT-2017-12814

Name of the Vulnerable Software and Affected Versions: git-annex versions prior to 6.20170818. Description: The issue allows for command injection via malicious SSH hostname. An attacker could trick a victim into adding a remote repository with a specially crafted URL, such as...

CVSS 10 | AI score 8.7 | EPSS 0.70245
Exploits: 12 | References: 47

Tenable Nessus
added 2017/08/18 12:0 a.m. | 38 views

Scientific Linux Security Update : git on SL6.x i386/x86_64 (20170817)

Security Fixes : - A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious...

CVSS 8.8 | AI score 6.8 | EPSS 0.70245
Exploits: 9 | References: 2

Tenable Nessus
added 2017/08/18 12:0 a.m. | 73 views

CentOS 6 : git (CESA-2017:2485)

An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 8.8 | AI score 6.8 | EPSS 0.70245
Exploits: 9 | References: 2

Tenable Nessus
added 2017/08/18 12:0 a.m. | 36 views

openSUSE Security Update : git (openSUSE-2017-939)

This update for git fixes the following security issues : - CVE-2017-1000117: A malicious third-party could have caused a git client to execute arbitrary commands via crafted 'ssh://...' URLs, including submodules boo1052481 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive tex...

CVSS 8.8 | AI score 7.1 | EPSS 0.70245
Exploits: 9 | References: 2

OpenVAS
added 2017/08/18 12:0 a.m. | 29 views

CentOS Update for emacs-git CESA-2017:2485 centos6

Check the version of emacs-git SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882761";...

CVSS 8.8 | AI score 7.1 | EPSS 0.70245
Exploits: 9 | References: 2

Tenable Nessus
added 2017/08/18 12:0 a.m. | 32 views

Oracle Linux 6 : git (ELSA-2017-2485)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2485 advisory. 1.7.1-9 - prevent command injection via malicious ssh URLs Resolves: CVE-2017-1000117 Tenable has extracted the preceding description block directly from the...

CVSS 8.8 | AI score 6.8 | EPSS 0.70245
Exploits: 9 | References: 2

Tenable Nessus
added 2017/08/18 12:0 a.m. | 45 views

Xen Hypervisor Multiple Vulnerabilities (XSA-226 - XSA-230)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applie...

CVSS 8.8 | AI score 7 | EPSS 0.00339
Exploits: 0 | References: 11

RedHat Linux
added 2017/08/17 9:56 p.m. | 2 views

git: Escape out of git-shell

A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted...

CVSS 8.8 | AI score 5.7 | EPSS 0.71499
Exploits: 2 | References: 4

RedHat Linux
added 2017/08/17 9:56 p.m. | 120 views

Important: Red Hat Security Advisory: rh-git29-git security update

An update for rh-git29-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 8.8 | AI score 6.8 | EPSS 0.71499
Exploits: 11 | References: 3

RedHat Linux
added 2017/08/17 9:56 p.m. | 2 views

git: Command injection via malicious ssh URLs

A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimat...

CVSS 8.8 | AI score 7.4 | EPSS 0.70245
Exploits: 9 | References: 6

Cent OS
added 2017/08/17 10:26 a.m. | 63 views

emacs, git, gitk, gitweb, perl security update

CentOS Errata and Security Advisory CESA-2017:2485 An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 8.8 | AI score 6.8 | EPSS 0.70245
Exploits: 9 | References: 7

OPENSUSE Linux
added 2017/08/17 12:8 a.m. | 126 views

Security update for git (important)

This update for git fixes the following security issues: - CVE-2017-1000117: A malicious third-party could have caused a git client to execute arbitrary commands via crafted "ssh://..." URLs, including submodules boo1052481...

AI score 3.9 | EPSS 0.70245
Exploits: 9 | References: 1

Tenable Nessus
added 2017/08/17 12:0 a.m. | 59 views

Oracle Linux 7 : git (ELSA-2017-2484)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2484 advisory. 1.8.3.1-12 - prevent command injection via malicious ssh URLs Resolves: CVE-2017-1000117 Tenable has extracted the preceding description block directly from the...

CVSS 8.8 | AI score 6.8 | EPSS 0.70245
Exploits: 9 | References: 2