Fedora 29: FEDORA-2018-f467c36c2b Critical: Git Path Command Issue

November 28, 2018
Fedora 29 users must upgrade Git to mitigate CVE-2018-19486 vulnerabilities. This update tackles critical Git URL handling flaws to ensure security.
Upstream bugfix and security update

Summary

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals.

The git rpm installs a common set of tools which are usually used with a small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package.

Upstream bugfix and security update. Refer to the release notes for general information and upstream commit [321fd82389](https://github.com/git/git/commit/321fd82389) for details on CVE-2018-19486.

* Wed Nov 21 2018 Todd Zullinger - 2.19.2-1
- Update to 2.19.2

* Tue Oct 23 2018 Todd Zullinger
- Skip test BuildRequires when --without tests is used
- Simplify gpg verification of Source0
- Use %{without ...} macro consistently
- Add comments to %endif statements
- Add glibc-langpack-en BuildRequires for en_US.UTF-8 locale

* Mon Oct 22 2018 Pavel Cahyna - 2.19.1-2
- Update condition for the t5540-http-push-webdav test for future RHEL

[ 1 ] Bug #1653143 - CVE-2018-19486 git: Improper handling of PATH allows for commands to be executed from current directory
https://bugzilla.redhat.com/show_bug.cgi?id=1653143

su -c 'dnf upgrade --advisory FEDORA-2018-f467c36c2b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
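A post-update check, added here as an example and not part of the Fedora advisory: it compares the installed Git version with 2.19.2, the release this update ships, and flags empty or `.` entries in PATH, which also cause command lookup in the current directory. The function names and the status words are assumptions of this example, and it compares upstream version numbers only, so distribution backports are not recognised.

```shell
#!/bin/sh
# Added example (not from the advisory): check Git against the fixed release.
FIXED_VERSION="2.19.2"   # from the advisory changelog: "Update to 2.19.2"

# Extract the dotted numeric version from a `git --version` output line.
parse_git_version() {
    printf '%s\n' "$1" \
        | sed -n 's/^git version \([0-9][0-9.]*\).*/\1/p' \
        | sed 's/\.$//'
}

# Return 0 if version $1 is older than version $2, comparing field by field.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" \
        | LC_ALL=C sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Print "fixed", "needs-update" or "unknown" for a `git --version` line.
git_status() {
    v=$(parse_git_version "$1")
    [ -n "$v" ] || { echo "unknown"; return 2; }
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "needs-update"
    else
        echo "fixed"
    fi
}

# Return 0 if the PATH value in $1 has an empty or "." component;
# both make the current directory part of command lookup.
path_has_cwd_entry() {
    case ":$1:" in
        *::*|*:.:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on this host when git is installed.
if command -v git >/dev/null 2>&1; then
    echo "installed git: $(git_status "$(git --version)")"
fi
if path_has_cwd_entry "$PATH"; then
    echo "warning: PATH contains an empty or '.' entry"
fi
```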

Severity: critical

Product: Fedora 29
Version: 2.19.2
Release: 1.fc29
Summary: Fast Version Control System
