Synopsis: Moderate: git security and bug fix update
Advisory ID: SLSA-2017:2004-1
Issue Date: 2017-08-01
CVE Numbers: CVE-2014-9938
CVE-2017-8386
—
Security Fix(es):
* It was found that the git-prompt.sh script shipped with git failed to
correctly handle branch names containing special characters. A specially
crafted git repository could use this flaw to execute arbitrary commands
if a user working with the repository configured their shell to include
repository information in the prompt. (CVE-2014-9938)
* A flaw was found in the way git-shell handled command-line options for
the restricted set of git-shell commands. A remote, authenticated attacker
could use this flaw to bypass git-shell restrictions, to view and
manipulate files, by abusing the instance of the less command launched
using crafted command-line options. (CVE-2017-8386)
—
SL7
x86_64
git-1.8.3.1-11.el7.x86_64.rpm
git-daemon-1.8.3.1-11.el7.x86_64.rpm
git-debuginfo-1.8.3.1-11.el7.x86_64.rpm
git-svn-1.8.3.1-11.el7.x86_64.rpm
noarch
emacs-git-1.8.3.1-11.el7.noarch.rpm
emacs-git-el-1.8.3.1-11.el7.noarch.rpm
git-all-1.8.3.1-11.el7.noarch.rpm
git-bzr-1.8.3.1-11.el7.noarch.rpm
git-cvs-1.8.3.1-11.el7.noarch.rpm
git-email-1.8.3.1-11.el7.noarch.rpm
git-gui-1.8.3.1-11.el7.noarch.rpm
git-hg-1.8.3.1-11.el7.noarch.rpm
git-p4-1.8.3.1-11.el7.noarch.rpm
gitk-1.8.3.1-11.el7.noarch.rpm
gitweb-1.8.3.1-11.el7.noarch.rpm
perl-Git-1.8.3.1-11.el7.noarch.rpm
perl-Git-SVN-1.8.3.1-11.el7.noarch.rpm
– Scientific Linux Development Team
