git-1.8.3.1-14.el7
Errata ID: AXSA:2018-3186:02
Release date:
2018/06/21 Thursday - 09:15
Title:
git-1.8.3.1-14.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
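The following issues have been addressed.
[Security Fix]
- Git has a vulnerability in which, with a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules". (CVE-2018-11235)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.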
CVE:
CVE-2018-11235
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
Additional information:
N/A
Downloads:
SRPMS
- git-1.8.3.1-14.el7.src.rpm
MD5: 272da43b9c78719777219bdb92990ac5
SHA-256: cd676881d726c889817301bee390c7500a1641488855a882ded65071fd56078b
Size: 6.87 MB
Asianux Server 7 for x86_64
- git-1.8.3.1-14.el7.x86_64.rpm
MD5: 43dda85d6ed2afa4e1a7002ca57a0dd3
SHA-256: 77bc1480921903ee5c2b24d4419b319f0147b5b07fc134fcb4c056b9935b1854
Size: 4.40 MB
- perl-Git-1.8.3.1-14.el7.noarch.rpm
MD5: 2f452a744fc91f49b1ee781c099de6b3
SHA-256: 2c6f54ce476620717678e8824a54d5c4453b74013a678cdc9b60a5e61be3daae
Size: 52.96 kB