git-1.8.3.1-12.el7

エラータID: AXSA:2017-1904:01

Release date: 
Monday, August 28, 2017 - 04:25
Subject: 
git-1.8.3.1-12.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Git is a fast, scalable, distributed revision control system with an
unusually rich command set that provides both high-level operations
and full access to internals.

The git rpm installs the core tools with minimal dependencies. To
install all git packages, including tools for integrating with other
SCMs, install the git-all meta-package.

CVE-2017-1000
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Additional Info: 

N/A

Download: 

SRPMS
  1. git-1.8.3.1-12.el7.src.rpm
    MD5: b1d789be60e2fc0ec42382781c6776c1
    SHA-256: 2f2ebd0817c7b511d327098d7722fa8446d548e1a2ba7e5995fca6700d3f8a79
    Size: 6.82 MB

Asianux Server 7 for x86_64
  1. git-1.8.3.1-12.el7.x86_64.rpm
    MD5: 4366a0f393b12426e7ce06325bed2433
    SHA-256: 425e5706071f88ae74efa7a6f40bd044802a34e62282794ea66cdad39cda4e38
    Size: 4.39 MB
  2. perl-Git-1.8.3.1-12.el7.noarch.rpm
    MD5: a595e6b40ce140a97d4aaf9364101ef6
    SHA-256: ec624cadc64461c02283b12ff2c9df112e88165396cc0e9130e9a19c33b23f05
    Size: 52.54 kB