Nacionalni CERT

Security vulnerability in the git software package

<p>--------------------------------------------------------------------------------<br />
Fedora Update Notification<br />
FEDORA-2017-66aa5d1d33<br />
2017-10-11 14:44:29.265584<br />
--------------------------------------------------------------------------------<br />
<br />
Name : git<br />
Product : Fedora 25<br />
Version : 2.9.5<br />
Release : 2.fc25<br />
URL :<br />
Summary : Fast Version Control System<br />
Description :<br />
Git is a fast, scalable, distributed revision control system with an<br />
unusually rich command set that provides both high-level operations<br />
and full access to internals.<br />
<br />
The git rpm installs common set of tools which are usually using with<br />
small amount of dependencies. To install all git packages, including<br />
tools for integrating with other SCMs, install the git-all meta-package.<br />
<br />
--------------------------------------------------------------------------------<br />
Update Information:<br />
<br />
These releases are about hardening `git shell` that is used on servers against<br />
an unsafe user input, which `git cvsserver` copes with poorly. From the release<br />
notes:<br />
* "git cvsserver" no longer is invoked by "git shell" by default,<br />
as it is old and largely unmaintained.<br />
* Various Perl scripts did not use safe_pipe_capture() instead of backticks,<br />
leaving them susceptible to end-user input. They have been corrected.<br />
Credits go to joernchen for finding the unsafe constructs in "git<br />
cvsserver", and to Jeff King at GitHub for finding and fixing instances of<br />
the same issue in other scripts.<br />
References: &lt;<br />sec/2017/q3/534&gt; &lt;https://public-<br />;<br />
--------------------------------------------------------------------------------<br />
<br />
This update can be installed with the "dnf" update program. Use<br />
su -c 'dnf upgrade git' at the command line.<br />
For more information, refer to the dnf documentation available at<br />
<br />
All packages are signed with the Fedora Project GPG key. More details on the<br />
GPG keys used by the Fedora Project can be found at<br />
<br />
--------------------------------------------------------------------------------</p>
A security vulnerability has been discovered in the git software package for the Fedora operating system. The vulnerability allows potential attackers to execute arbitrary code. Updating with the released patches is advised.
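
The backtick problem named in the release notes, shown as an added example that is not code from git or Fedora: Perl backticks hand the interpolated string to the shell, while a forked child that calls list-form exec passes each argument through untouched. The body of safe_pipe_capture() below is an illustrative reimplementation of that pattern, and the input value is constructed.

```perl
#!/usr/bin/perl
# Added example: backticks versus a shell-free pipe in the style of
# safe_pipe_capture(). Illustrative code, not taken from the git sources.
use strict;
use warnings;

# Run a command without a shell. The child exec()s the argument list
# directly, so metacharacters in any argument stay literal bytes.
sub safe_pipe_capture {
    my @cmd = @_;
    my $pid = open(my $child, '-|');      # fork; parent reads child's stdout
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {                      # child process
        # Indirect-object form of exec never falls back to /bin/sh.
        exec { $cmd[0] } @cmd or die "exec $cmd[0] failed: $!";
    }
    my @output = <$child>;
    close($child) or die "@cmd exited with status $?";
    return wantarray ? @output : join('', @output);
}

# Constructed value standing in for text supplied by a remote user.
# The trailing command is a harmless echo used only as a marker.
my $user_input = 'v1.0; echo INJECTED';

# Unsafe: the shell sees "echo tag=v1.0; echo INJECTED" and treats ';'
# as a command separator, so the marker command runs.
my $unsafe = `echo tag=$user_input`;

# Safe: echo receives one argument, "tag=v1.0; echo INJECTED".
my $safe = safe_pipe_capture('echo', "tag=$user_input");

print "backticks : $unsafe";
print "list exec : $safe";
print "second command ran under backticks\n" if $unsafe =~ /^INJECTED$/m;
print "list form kept the input literal\n"   if $safe eq "tag=$user_input\n";
```

When auditing Perl scripts for this class of defect, backticks, qx//, and single-string system() or open() calls that interpolate variables are the constructs to review.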