Mageia 6: MGASA-2019-0199 Critical: Git Command Execution Risk

mageia

June 20, 2019

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and r...

Summary

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017 (CVE-2018-19486).

References

- https://bugs.mageia.org/show_bug.cgi?id=24058

- https://www.cve.org/CVERecord?id=CVE-2018-19486

Topics Covered

security advisory security issue software update command execution API git Mageia

Resolution

SRPMS

- 6/core/git-2.13.7-1.3.mga6

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 21 Jun 2019

URL: https://advisories.mageia.org/MGASA-2019-0199.html

Type: security

CVE: CVE-2018-19486

Topics Covered

security advisory security issue software update command execution API git Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks