git-1.8.3.1-12.el7
エラータID: AXSA:2017-1904:01
リリース日:
2017/08/28 Monday - 04:25
題名:
git-1.8.3.1-12.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- 現時点では CVE-2017-1000117 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- git-1.8.3.1-12.el7.src.rpm
MD5: b1d789be60e2fc0ec42382781c6776c1
SHA-256: 2f2ebd0817c7b511d327098d7722fa8446d548e1a2ba7e5995fca6700d3f8a79
Size: 6.82 MB
Asianux Server 7 for x86_64
- git-1.8.3.1-12.el7.x86_64.rpm
MD5: 4366a0f393b12426e7ce06325bed2433
SHA-256: 425e5706071f88ae74efa7a6f40bd044802a34e62282794ea66cdad39cda4e38
Size: 4.39 MB - perl-Git-1.8.3.1-12.el7.noarch.rpm
MD5: a595e6b40ce140a97d4aaf9364101ef6
SHA-256: ec624cadc64461c02283b12ff2c9df112e88165396cc0e9130e9a19c33b23f05
Size: 52.54 kB