Oval Definition:oval:com.redhat.rhsa:def:20172484
Revision Date:2017-08-16Version:635
Title:RHSA-2017:2484: git security update (Important)
Description:Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

  • A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)
  • Family:unixClass:patch
    Status:Reference(s):CVE-2017-1000117
    RHSA-2017:2484
    RHSA-2017:2484-00
    RHSA-2017:2484-01
    Platform(s):Red Hat Enterprise Linux 7
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • emacs-git is earlier than 0:1.8.3.1-12.el7_4
  • AND emacs-git is signed with Red Hat redhatrelease2 key
  • emacs-git-el is earlier than 0:1.8.3.1-12.el7_4
  • AND emacs-git-el is signed with Red Hat redhatrelease2 key
  • git is earlier than 0:1.8.3.1-12.el7_4
  • AND git is signed with Red Hat redhatrelease2 key
  • git-all is earlier than 0:1.8.3.1-12.el7_4
  • AND git-all is signed with Red Hat redhatrelease2 key
  • git-bzr is earlier than 0:1.8.3.1-12.el7_4
  • AND git-bzr is signed with Red Hat redhatrelease2 key
  • git-cvs is earlier than 0:1.8.3.1-12.el7_4
  • AND git-cvs is signed with Red Hat redhatrelease2 key
  • git-daemon is earlier than 0:1.8.3.1-12.el7_4
  • AND git-daemon is signed with Red Hat redhatrelease2 key
  • git-email is earlier than 0:1.8.3.1-12.el7_4
  • AND git-email is signed with Red Hat redhatrelease2 key
  • git-gui is earlier than 0:1.8.3.1-12.el7_4
  • AND git-gui is signed with Red Hat redhatrelease2 key
  • git-hg is earlier than 0:1.8.3.1-12.el7_4
  • AND git-hg is signed with Red Hat redhatrelease2 key
  • git-p4 is earlier than 0:1.8.3.1-12.el7_4
  • AND git-p4 is signed with Red Hat redhatrelease2 key
  • git-svn is earlier than 0:1.8.3.1-12.el7_4
  • AND git-svn is signed with Red Hat redhatrelease2 key
  • gitk is earlier than 0:1.8.3.1-12.el7_4
  • AND gitk is signed with Red Hat redhatrelease2 key
  • gitweb is earlier than 0:1.8.3.1-12.el7_4
  • AND gitweb is signed with Red Hat redhatrelease2 key
  • perl-Git is earlier than 0:1.8.3.1-12.el7_4
  • AND perl-Git is signed with Red Hat redhatrelease2 key
  • perl-Git-SVN is earlier than 0:1.8.3.1-12.el7_4
  • AND perl-Git-SVN is signed with Red Hat redhatrelease2 key
  • BACK