ID CVE-2017-8386
Summary git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
References
Vulnerable Configurations
  • cpe:2.3:a:git:git-shell
    cpe:2.3:a:git:git-shell
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.10
    cpe:2.3:o:canonical:ubuntu_linux:16.10
  • Canonical Ubuntu Linux 17.04
    cpe:2.3:o:canonical:ubuntu_linux:17.04
  • Fedora 24
    cpe:2.3:o:fedoraproject:fedora:24
  • Fedora 25
    cpe:2.3:o:fedoraproject:fedora:25
  • Fedora 26
    cpe:2.3:o:fedoraproject:fedora:26
CVSS
Base: 6.5
Impact:
Exploitability:
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-7EA0E02914.NASL
    description An issue in `git-shell` could allow remote users to run an interactive pager. From the [update announcement](https://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mtv.corp.google.com/) : ... fix a recently disclosed problem with 'git shell', which may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' (CVE-2017-8386). The announcement also notes : If you are not running a server, or if your server has not been explicitly configured to use git-shell as a login shell, you are not affected. Also note that sites running 'git shell' behind gitolite are NOT vulnerable. Further details can be found in the commit message which fixed the issue ([3ec804490](https://github.com/git/git/commit/3ec804490)). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 101665
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101665
    title Fedora 26 : git (2017-7ea0e02914)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1187.NASL
    description According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) - A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 103025
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103025
    title EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1187)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-624.NASL
    description This update for git fixes the following issues : - git 2.12.3 : - CVE-2017-8386: Fix git-shell not to escape with the starting dash name (bsc#1038395) - Fix for potential segv introduced in v2.11.0 and later - Misc fixes and cleanups. - git 2.12.2 : - CLI output fixes - 'Dump http' transport fixes - various fixes for internal code paths - Trailer 'Cc:' RFC fix - git 2.12.1 : - Reduce authentication round-trip over HTTP when the server supports just a single authentication method. - 'git add -i' patch subcommand fixed to have a path selection - various path verification fixes - fix 'git log -L...' buffer overrun This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 100500
    published 2017-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100500
    title openSUSE Security Update : git (openSUSE-2017-624)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201706-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201706-04 (Git: Security bypass) Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. Impact : A remote attacker could possibly bypass security restrictions and access sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 100647
    published 2017-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100647
    title GLSA-201706-04 : Git: Security bypass
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2004.NASL
    description An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) * A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 102110
    published 2017-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102110
    title RHEL 7 : git (RHSA-2017:2004)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3848.NASL
    description Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn 'git upload-pack --help'.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100111
    published 2017-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100111
    title Debian DSA-3848-1 : git - security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-938.NASL
    description Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn 'git upload-pack --help'. For Debian 7 'Wheezy', these problems have been fixed in version 1:1.7.10.4-1+wheezy4. We recommend that you upgrade your git packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 100110
    published 2017-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100110
    title Debian DLA-938-1 : git security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-01A7989FC0.NASL
    description An issue in `git-shell` could allow remote users to run an interactive pager. From the [update announcement](https://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mtv.corp.google.com/) : ... fix a recently disclosed problem with 'git shell', which may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' (CVE-2017-8386). The announcement also notes : If you are not running a server, or if your server has not been explicitly configured to use git-shell as a login shell, you are not affected. Also note that sites running 'git shell' behind gitolite are NOT vulnerable. Further details can be found in the commit message which fixed the issue ([3ec804490](https://github.com/git/git/commit/3ec804490)). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 100485
    published 2017-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100485
    title Fedora 24 : git (2017-01a7989fc0)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3287-1.NASL
    description Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 100218
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100218
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : git vulnerability (USN-3287-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-F4319B6DFC.NASL
    description An issue in `git-shell` could allow remote users to run an interactive pager. From the [update announcement](https://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mtv.corp.google.com/) : ... fix a recently disclosed problem with 'git shell', which may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' (CVE-2017-8386). The announcement also notes : If you are not running a server, or if your server has not been explicitly configured to use git-shell as a login shell, you are not affected. Also note that sites running 'git shell' behind gitolite are NOT vulnerable. Further details can be found in the commit message which fixed the issue ([3ec804490](https://github.com/git/git/commit/3ec804490)). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 100200
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100200
    title Fedora 25 : git (2017-f4319b6dfc)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-2004.NASL
    description An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) * A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102749
    published 2017-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102749
    title CentOS 7 : git (CESA-2017:2004)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1357-1.NASL
    description This update for git fixes the following issues : - git 2.12.3 : - CVE-2017-8386: Fix git-shell not to escape with the starting dash name (bsc#1038395) - Fix for potential segv introduced in v2.11.0 and later - Misc fixes and cleanups. - git 2.12.2 : - CLI output fixes - 'Dump http' transport fixes - various fixes for internal code paths - Trailer 'Cc:' RFC fix - git 2.12.1 : - Reduce authentication round-trip over HTTP when the server supports just a single authentication method. - 'git add -i' patch subcommand fixed to have a path selection - various path verification fixes - fix 'git log -L...' buffer overrun Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100319
    published 2017-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100319
    title SUSE SLES12 Security Update : git (SUSE-SU-2017:1357-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-842.NASL
    description Escape out of git-shell A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 100643
    published 2017-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100643
    title Amazon Linux AMI : git (ALAS-2017-842)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1188.NASL
    description According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) - A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 103026
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103026
    title EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1188)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170801_GIT_ON_SL7_X.NASL
    description Security Fix(es) : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 102640
    published 2017-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102640
    title Scientific Linux Security Update : git on SL7.x x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-2004.NASL
    description From Red Hat Security Advisory 2017:2004 : An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) * A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 102294
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102294
    title Oracle Linux 7 : git (ELSA-2017-2004)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1377.NASL
    description According to the versions of the git package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. (CVE-2018-11235) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 119068
    published 2018-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119068
    title EulerOS Virtualization 2.5.1 : git (EulerOS-SA-2018-1377)
redhat via4
advisories
  • bugzilla
    id 1450407
    title CVE-2017-8386 git: Escape out of git-shell
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment emacs-git is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004011
        • comment emacs-git is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003012
      • AND
        • comment emacs-git-el is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004013
        • comment emacs-git-el is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003024
      • AND
        • comment git is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004005
        • comment git is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003006
      • AND
        • comment git-all is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004027
        • comment git-all is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003028
      • AND
        • comment git-bzr is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004029
        • comment git-bzr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152561020
      • AND
        • comment git-cvs is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004019
        • comment git-cvs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003014
      • AND
        • comment git-daemon is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004007
        • comment git-daemon is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003026
      • AND
        • comment git-email is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004033
        • comment git-email is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003010
      • AND
        • comment git-gui is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004015
        • comment git-gui is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003022
      • AND
        • comment git-hg is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004031
        • comment git-hg is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152561026
      • AND
        • comment git-p4 is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004023
        • comment git-p4 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152561036
      • AND
        • comment git-svn is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004009
        • comment git-svn is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003020
      • AND
        • comment gitk is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004025
        • comment gitk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003008
      • AND
        • comment gitweb is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004021
        • comment gitweb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003018
      • AND
        • comment perl-Git is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004017
        • comment perl-Git is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003016
      • AND
        • comment perl-Git-SVN is earlier than 0:1.8.3.1-11.el7
          oval oval:com.redhat.rhsa:tst:20172004035
        • comment perl-Git-SVN is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152561018
    rhsa
    id RHSA-2017:2004
    released 2017-08-01
    severity Moderate
    title RHSA-2017:2004: git security and bug fix update (Moderate)
  • rhsa
    id RHSA-2017:2491
rpms
  • emacs-git-0:1.8.3.1-11.el7
  • emacs-git-el-0:1.8.3.1-11.el7
  • git-0:1.8.3.1-11.el7
  • git-all-0:1.8.3.1-11.el7
  • git-bzr-0:1.8.3.1-11.el7
  • git-cvs-0:1.8.3.1-11.el7
  • git-daemon-0:1.8.3.1-11.el7
  • git-email-0:1.8.3.1-11.el7
  • git-gui-0:1.8.3.1-11.el7
  • git-hg-0:1.8.3.1-11.el7
  • git-p4-0:1.8.3.1-11.el7
  • git-svn-0:1.8.3.1-11.el7
  • gitk-0:1.8.3.1-11.el7
  • gitweb-0:1.8.3.1-11.el7
  • perl-Git-0:1.8.3.1-11.el7
  • perl-Git-SVN-0:1.8.3.1-11.el7
refmap via4
bid 98409
confirm https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5
debian DSA-3848
fedora
  • FEDORA-2017-01a7989fc0
  • FEDORA-2017-7ea0e02914
  • FEDORA-2017-f4319b6dfc
gentoo GLSA-201706-04
misc https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
mlist [git] 20170510 [ANNOUNCE] Git v2.12.3 and others
sectrack 1038479
suse openSUSE-SU-2017:1422
ubuntu USN-3287-1
Last major update 01-06-2017 - 12:29
Published 01-06-2017 - 12:29
Last modified 02-10-2019 - 20:03