Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

Scientific Linux: 2015:2561-1 Moderate: Git URL Command Injection

Scientific Large Esm H446
Moderate: git security update
Date: Mon, 21 Dec 2015 23:17:12 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: git on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20151221231712.7115.19661@slpackages.fnal.gov>

Synopsis: Moderate: git security update
Advisory ID: SLSA-2015:2561-1
Issue Date: 2015-12-08
CVE Numbers: None
--

A flaw was found in the way the git-remote-ext helper processed certain
URLs. If a user had Git configured to automatically clone submodules from
untrusted repositories, an attacker could inject commands into the URL of
a submodule, allowing them to execute arbitrary code on the user's system.
--

SL7
 x86_64
 git-1.8.3.1-6.el7.x86_64.rpm
 git-daemon-1.8.3.1-6.el7.x86_64.rpm
 git-debuginfo-1.8.3.1-6.el7.x86_64.rpm
 git-svn-1.8.3.1-6.el7.x86_64.rpm
 noarch
 emacs-git-1.8.3.1-6.el7.noarch.rpm
 emacs-git-el-1.8.3.1-6.el7.noarch.rpm
 git-all-1.8.3.1-6.el7.noarch.rpm
 git-bzr-1.8.3.1-6.el7.noarch.rpm
 git-cvs-1.8.3.1-6.el7.noarch.rpm
 git-email-1.8.3.1-6.el7.noarch.rpm
 git-gui-1.8.3.1-6.el7.noarch.rpm
 git-hg-1.8.3.1-6.el7.noarch.rpm
 git-p4-1.8.3.1-6.el7.noarch.rpm
 gitk-1.8.3.1-6.el7.noarch.rpm
 gitweb-1.8.3.1-6.el7.noarch.rpm
 perl-Git-1.8.3.1-6.el7.noarch.rpm
 perl-Git-SVN-1.8.3.1-6.el7.noarch.rpm

- Scientific Linux Development Team