Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2017-2004

Опубликовано: 07 авг. 2017
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2017-2004: git security and bug fix update (MODERATE)

[1.8.3.1-11]

  • dissalow repo names beginning with dash Resolves: CVE-2017-8386

[-1.8.3.1-10]

  • do not put unsanitized branch names in Resolves: CVE-2014-9938

[-1.8.3.1-9]

  • add control of GSSAPI credential delegation to enable HTTP(S)-SSO authentication Resolves: #1369173

[1.8.3.1-8]

  • remove needles check of xmalloc from previous patch Resolves: #1318255

[1.8.3.1-7]

  • fix heap overflow CVE-2016-2315 CVE-2016-2324 Resolves: #1318255

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

emacs-git

1.8.3.1-11.el7

emacs-git-el

1.8.3.1-11.el7

git

1.8.3.1-11.el7

git-all

1.8.3.1-11.el7

git-bzr

1.8.3.1-11.el7

git-cvs

1.8.3.1-11.el7

git-daemon

1.8.3.1-11.el7

git-email

1.8.3.1-11.el7

git-gui

1.8.3.1-11.el7

git-hg

1.8.3.1-11.el7

git-p4

1.8.3.1-11.el7

git-svn

1.8.3.1-11.el7

gitk

1.8.3.1-11.el7

gitweb

1.8.3.1-11.el7

perl-Git

1.8.3.1-11.el7

perl-Git-SVN

1.8.3.1-11.el7

Oracle Linux x86_64

emacs-git

1.8.3.1-11.el7

emacs-git-el

1.8.3.1-11.el7

git

1.8.3.1-11.el7

git-all

1.8.3.1-11.el7

git-bzr

1.8.3.1-11.el7

git-cvs

1.8.3.1-11.el7

git-daemon

1.8.3.1-11.el7

git-email

1.8.3.1-11.el7

git-gui

1.8.3.1-11.el7

git-hg

1.8.3.1-11.el7

git-p4

1.8.3.1-11.el7

git-svn

1.8.3.1-11.el7

gitk

1.8.3.1-11.el7

gitweb

1.8.3.1-11.el7

perl-Git

1.8.3.1-11.el7

perl-Git-SVN

1.8.3.1-11.el7

Связанные CVE

CVE-2017-8386
CVE-2014-9938

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2014-9938

CVSS3: 8.8
ubuntu
больше 8 лет назад

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

redhat логотип

CVE-2014-9938

CVSS3: 7.8
redhat
больше 11 лет назад

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

nvd логотип

CVE-2014-9938

CVSS3: 8.8
nvd
больше 8 лет назад

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

debian логотип

CVE-2014-9938

CVSS3: 8.8
debian
больше 8 лет назад

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize ...

ubuntu логотип

CVE-2017-8386

CVSS3: 8.8
ubuntu
больше 8 лет назад

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.