git-1.7.1-10.AXS4

エラータID: AXSA:2020-4438:02

Release date: 
Tuesday, February 25, 2020 - 12:52
Subject: 
git-1.7.1-10.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: arbitrary code execution via .gitmodules (CVE-2018-17456)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

Solution: 

Update packages.

CVEs: 
CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
Additional Info: 

N/A

Download: 

SRPMS
  1. git-1.7.1-10.AXS4.src.rpm
    MD5: 4fc591a37c4d4fb0628431dba5e8a530
    SHA-256: 6ef0c14c81b3c5df9730c9287020741086d382f9e978b2280059c038ba5ca22f
    Size: 2.40 MB

Asianux Server 4 for x86
  1. git-1.7.1-10.AXS4.i686.rpm
    MD5: 087e05a566b33909a26b5845aee46502
    SHA-256: 25fcdee23980c2cb31f528ac1c87b3d8901fd4b28dac834b81fda7d8b33e6d1f
    Size: 4.51 MB
  2. perl-Git-1.7.1-10.AXS4.noarch.rpm
    MD5: f3d04ecab977f9bba139c161e7d1d054
    SHA-256: 4c1fc6be8a1e3d320e5eed74ce6e464d72c16b9284d15119fdcd2b51d414fbb3
    Size: 28.39 kB

Asianux Server 4 for x86_64
  1. git-1.7.1-10.AXS4.x86_64.rpm
    MD5: 034019f655d08a4b849182e7be3c58ca
    SHA-256: 9081404a3e0d31a584d1c5e9dfba4428a9350dba12630f852279c68b54914c12
    Size: 4.61 MB
  2. perl-Git-1.7.1-10.AXS4.noarch.rpm
    MD5: 7212c285aef85e25bc46352a821be5af
    SHA-256: 224aa466617641ef40b8330ef350df7c402f5addddbd0b5d01fca796183cc9de
    Size: 27.95 kB