You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa git

Sigurnosni nedostatak programskog paketa git

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3438-1
October 05, 2017

git vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Git be made to run programs if it processed a specially crafted file.

Software Description:
– git: fast, scalable, distributed revision control system

Details:

It was discovered that Git incorrectly handled certain subcommands such as
cvsserver. A remote attacker could possibly use this issue via shell
metacharacters in modules names to execute arbitrary code.

This update also removes the cvsserver subcommand from git-shell by
default.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
git 1:2.11.0-2ubuntu0.3

Ubuntu 16.04 LTS:
git 1:2.7.4-0ubuntu1.3

Ubuntu 14.04 LTS:
git 1:1.9.1-1ubuntu0.7

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3438-1
CVE-2017-14867

Package Information:
https://launchpad.net/ubuntu/+source/git/1:2.11.0-2ubuntu0.3
https://launchpad.net/ubuntu/+source/git/1:2.7.4-0ubuntu1.3
https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.7

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJZ1iR5AAoJEGVp2FWnRL6TtHsP+wRQ3KBRBBCh6MwgturCBBUr
U637Hc+ttH+h/hrdRngWv5XuemJZl2c1ZquYr1W3gZslOpQSIv7uHSM++Xevqg4v
FKQf7YeYJpG0MSMppag8/2DYJXcsCvssbMosBdK5GpCXwRUX/qX8nE1sPQMg8Azu
8S9V/7WZF82kVJByztdxIt0o50g6ezQo2itXr6z26lpgBONHMLx4NHX4rIsZ6qXA
RnGi/KW77LeMixN8re5JZaBIx9L7i1DUWUq71mwZnICUSL9eDb4rgAPg2vC6M/dy
HU/4R0zLMBUW0qa767IvSqqyREAzfPcBzeNqlu43fCGLDEknEYqSe8bpF4p4d5Zt
1pui81uulNE/5b0B8ohMGdNuXsSm1KCJt8PDLZwYX8bdnB3sqA2lpjD+T8yExOpa
45sgajTQc18Un1+5p3ACbBv47sV2O0jyQUy9qrm5GbxTQRd2AvWvmXzqx4A25Qpd
3fpzC3ejjln/qvc4b+cU0kAnNEhgB9NpnMC+tZjCeO7NmRZ48IWo3dwlalfM20Y/
IqNZ8HV4BaW2oRFBhkqizBWOcqvQxiScgAaWQQN0ZDsx9DVjl39zjCQgmocTgoo5
k5d68H874j43aGTuJiS4Gw7O2FxsP0z4ZK0LNMTv1mkoB3/avYryE1fPlKqtNB2E
ujNYO5EMn5Qw2XfqgELj
=o5KN
—–END PGP SIGNATURE—–

AutorDanijel Kozinovic
Cert idNCERT-REF-2017-10-0033-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak jezgre operacijskog sustava Fedora 26. Otkriveni nedostatak potencijalnim lokalnim napadačima omogućuje otkrivanje osjetljivih informacija ili zaobilaženje...

Close