security advisoryFedoraremote access
An issue in `git-shell` could allow remote users to run an interactive pager. From the [update announcement](https://public-inbox.org/git/This email address is being protected from spambots. You need JavaScript enabled to view it./): ... fix a recently disclosed problem with "git shell", which may allow a user who comes over SSH to run an interactive pager by causing it to spawn "git. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-01a7989fc0 2017-05-27 21:36:58.901332 --------------------------------------------------------------------------------Name : git Product : Fedora 24 Version : 2.7.5 Release : 1.fc24 URL : https://git-scm.com/ Summary : Fast Version Control System Description : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. --------------------------------------------------------------------------------Update Information: An issue in `git-shell` could allow remote users to run an interactive pager. From the [update announcement](https://public-inbox.org/git/This email address is being protected from spambots. You need JavaScript enabled to view it./): ... fix a recently disclosed problem with "git shell", which may allow a user who comes over SSH to run an interactive pager by causing it to spawn "git upload-pack --help" (CVE-2017-8386). The announcement also notes: If you are not running a server, or if your server has not been explicitly configured to use git-shell as a login shell, you are not affected. Also note that sites running "git shell" behind gitolite are NOT vulnerable. Further details can be found in the commit message which fixed theissue ([3ec804490](). --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade git' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . A patch has been released to address a vulnerability in git-shell that allowed unauthorized remote access and interaction with pager functionality on Fedora 24.. Git Shell Security, Fedora 24 Update, Remote User Access, Interactive Pager Issue. . Severity: Important. LinuxSecurity.com Team
May 28, 2017
•Important
Fedora
Refine advisories
