Oval Definition:	oval:com.ubuntu.xenial:def:201714867000
Revision Date: 2017-09-28 Version: 1 Title: CVE-2017-14867 on Ubuntu 16.04 LTS (xenial) - medium. Description: Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. Family: unix Class: vulnerability Status: Reference(s): CVE-2017-14867 Platform(s): Ubuntu 16.04 LTS Product(s): Definition Synopsis Ubuntu 16.04 LTS (xenial) is installed. AND The 'git' package in xenial was vulnerable but has been fixed (note: '1:2.7.4-0ubuntu1.3').
BACK