
10041 matches found

Fedora
added 2017/08/13 8:56 p.m. | 38 views

[SECURITY] Fedora 26 Update: git-2.13.5-1.fc26

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...

8.8 CVSS | 2.4 AI score | 0.70245 EPSS
Exploits: 9

Metasploit
added 2017/08/13 3:47 a.m. | 749 views

Malicious Git HTTP Server For CVE-2017-1000117

This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This module creates a fake git...

8.8 CVSS | 8.4 AI score | 0.70245 EPSS
Exploits: 9

ArchLinux
added 2017/08/12 12:0 a.m. | 32 views

[ASA-201708-6] git: arbitrary command execution

Arch Linux Security Advisory ASA-201708-6 ========================================= Severity: Critical Date : 2017-08-12 CVE-ID : CVE-2017-1000117 Package : git Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-377 Summary ======= The package git before...

8.8 CVSS | 1.2 AI score | 0.70245 EPSS
Exploits: 9 | References: 3

Slackware Linux
added 2017/08/11 11:10 p.m. | 40 views

[slackware-security] git

New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/git-2.14.1-i586-1slack14.2.txz: Upgraded. Fixes security issues: A "ssh://..." URL can result in a "ssh"...

8.8 CVSS | 8.4 AI score | 0.70245 EPSS
Exploits: 9

pentestit
added 2017/08/11 6:52 a.m. | 4562 views

JexBoss: Java Deserialization Verification & EXploitation Tool!

PenTestIT RSS Feed I was working with a customer's Red Hat JBoss server today and wanted to test for affected deserialization vulnerabilities. Though my favourite go-to tool - the Burp Suite has many extensions, I wanted to try something that I had not before. That's when I stumbled across JexBoss...

10 CVSS | 0.4 AI score | 0.94267 EPSS
Exploits: 45

Ubuntu
added 2017/08/11 4:28 a.m. | 59 views

USN-3387-1: Git vulnerability

Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in 'ssh://' URLs. A remote attacker could use this to construct a git repository that when accessed could run arbitrary code with the privileges of the user...

8.8 CVSS | 7.2 AI score | 0.70245 EPSS
Exploits: 9

OSV
added 2017/08/11 4:28 a.m. | 0 views

USN-3387-1 git vulnerability

Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in 'ssh://' URLs. A remote attacker could use this to construct a git repository that when accessed could run arbitrary code with the privileges of the user...

8.8 CVSS | 7.4 AI score | 0.70245 EPSS
Exploits: 9 | References: 2

OpenVAS
added 2017/08/11 12:0 a.m. | 30 views

Ubuntu: Security Advisory (USN-3387-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 8.5 AI score | 0.70245 EPSS
Exploits: 9 | References: 2

Tenable Nessus
added 2017/08/11 12:0 a.m. | 30 views

Ubuntu 14.04 LTS / 16.04 LTS : Git vulnerability (USN-3387-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3387-1 advisory. Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in 'ssh://' URLs. A remote attacker could use this...

8.8 CVSS | 7.1 AI score | 0.70245 EPSS
Exploits: 9 | References: 2

Tenable Nessus
added 2017/08/11 12:0 a.m. | 31 views

Debian DSA-3934-1 : git - security update

Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

8.8 CVSS | 6.9 AI score | 0.70245 EPSS
Exploits: 9 | References: 4

myhack58
added 2017/08/11 12:0 a.m. | 84 views

Several mainstream version control systems found to have a client-side arbitrary code execution vulnerability - vulnerability warning - the black bar safety net

Programmers around the world, please note: you must update your version control system immediately. The open-source version control systems Git, SVN, and Mercurial recently fixed critical security vulnerabilities; if you delay the upgrade, you will be affected by the vulnerability. More mainstream...

2.4 AI score | 0.70245 EPSS
Exploits: 11

Debian
added 2017/08/10 7:5 p.m. | 34 views

[SECURITY] [DSA 3934-1] git security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3934-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 10, 2017 https://www.debian.org/security/faq -...

6.8 CVSS | 3 AI score | 0.70245 EPSS
Exploits: 9

Debian
added 2017/08/10 7:5 p.m. | 32 views

[SECURITY] [DSA 3934-1] git security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3934-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 10, 2017 https://www.debian.org/security/faq -...

8.8 CVSS | 8.3 AI score | 0.70245 EPSS
Exploits: 9

ossfuzz
added 2017/08/10 6:30 a.m. | 10 views

libreoffice: Container-overflow in HMemIODev::read1b

Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://oss-fuzz.com/testcase?key=6628872739094528 Project: libreoffice Fuzzer: libFuzzerlibreofficehwpfuzzer Fuzz target binary: hwpfuzzer Job Type: libfuzzerasanlibreoffice Platform Id: linux Crash Type: Container-overflow...

6.7 AI score
Exploits: 0 | Affected Software: 1

Positive Technologies
added 2017/08/10 12:0 a.m. | 2 views

PT-2017-2800

Name of the Vulnerable Software and Affected Versions Subversion versions prior to 1.8.19 Subversion versions 1.9.x prior to 1.9.7 Subversion versions 1.10.0.x through 1.10.0-alpha3 git-annex versions prior to 6.20170818 Description A maliciously constructed URL could cause Subversion clients to...

10 CVSS | 7.8 AI score | 0.70245 EPSS
Exploits: 13 | References: 135

Positive Technologies
added 2017/08/10 12:0 a.m. | 3 views

PT-2017-3344

Name of the Vulnerable Software and Affected Versions CVS versions 1.12.x git-annex versions prior to 6.20170818 Description The issue is related to the improper handling of data when interacting with a remote repository over SSH. This could allow a remote attacker to execute arbitrary code by...

10 CVSS | 7.3 AI score | 0.70245 EPSS
Exploits: 12 | References: 66

FreeBSD
added 2017/08/10 12:0 a.m. | 44 views

cvs -- Remote code execution via ssh command injection

Hank Leininger reports: Bugs in Git, Subversion, and Mercurial were just announced and patched which allowed arbitrary local command execution if a malicious name was used for the remote server, such as starting with - to pass options to the ssh client: git clone...

7.5 CVSS | 7.8 AI score | 0.02504 EPSS
Exploits: 1 | References: 2

FreeBSD
added 2017/08/10 12:0 a.m. | 40 views

Mercurial -- multiple vulnerabilities

Mercurial Release Notes: CVE-2017-1000115 Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository. CVE-2017-1000116 Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a...

10 CVSS | 9.2 AI score | 0.04585 EPSS
Exploits: 1 | References: 1

FreeBSD
added 2017/08/10 12:0 a.m. | 29 views

GitLab -- two vulnerabilities

GitLab reports: Remote Command Execution in git client An external code review performed by Recurity-Labs identified a remote command execution vulnerability in git that could be exploited via the "Repo by URL" import option in GitLab. The command line git client was not properly escaping command...

8.8 CVSS | 9.2 AI score | 0.00636 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2017/08/10 12:0 a.m. | 4 views

PT-2017-10820

Name of the Vulnerable Software and Affected Versions git versions prior to 6.20170818 git-scm git affected versions not specified Description A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exist...

10 CVSS | 7.5 AI score | 0.71499 EPSS
Exploits: 43 | References: 151