Stay Secure with the Latest Linux Advisories

security advisoryFedoraPerl script

Fedora 26: Git Shell Unsafe Input Issue Resolved - Moderate Severity

These releases are about hardening `git shell` that is used on servers against an unsafe user input, which `git cvsserver` copes with poorly. From the release notes: * "git cvsserver" no longer is invoked by "git shell" by default, as it is old and largely unmaintained. * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-9b35152c83 2017-09-28 16:42:23.950922 --------------------------------------------------------------------------------Name : git Product : Fedora 26 Version : 2.13.6 Release : 1.fc26 URL : https://git-scm.com/ Summary : Fast Version Control System Description : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. --------------------------------------------------------------------------------Update Information: These releases are about hardening `git shell` that is used on servers against an unsafe user input, which `git cvsserver` copes with poorly. From the release notes: * "git cvsserver" no longer is invoked by "git shell" by default, as it is old and largely unmaintained. * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to end-user input. They have been corrected. Credits go to joernchen for finding the unsafe constructs in "git cvsserver", and to Jeff King at GitHub for finding and fixing instances of the same issue in other scripts. References: --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade git' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Strengthening the git command line on Fedora 26 to prevent vulnerabilities from untrusted user input by implementing critical security patches and enhancements.. Fedora Git Update, Git Shell Security, Perl Script Fixes, Software Hardening. . LinuxSecurity.com Team

Sep 28, 2017 Fedora