 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.13.2017.223.01 |
| Kategorie: | Slackware Local Security Checks |
| Titel: | Slackware: Security Advisory (SSA:2017-223-01) |
| Zusammenfassung: | The remote host is missing an update for the 'git' package(s) announced via the SSA:2017-223-01 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'git' package(s) announced via the SSA:2017-223-01 advisory. Vulnerability Insight: New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/git-2.14.1-i586-1_slack14.2.txz: Upgraded. Fixes security issues: A 'ssh://...' URL can result in a 'ssh' command line with a hostname that begins with a dash '-', which would cause the 'ssh' command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which should not impact any real-world usage). Similarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from 'ssh://...' URL, a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash '-' as an option. This is now prevented by forbidding such a hostname and port number (again, which should not impact any real-world usage). For more information, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'git' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-1000117 BugTraq ID: 100283 http://www.securityfocus.com/bid/100283 Debian Security Information: DSA-3934 (Google Search) http://www.debian.org/security/2017/dsa-3934 https://www.exploit-db.com/exploits/42599/ https://security.gentoo.org/glsa/201709-10 https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html RedHat Security Advisories: RHSA-2017:2484 https://access.redhat.com/errata/RHSA-2017:2484 RedHat Security Advisories: RHSA-2017:2485 https://access.redhat.com/errata/RHSA-2017:2485 RedHat Security Advisories: RHSA-2017:2491 https://access.redhat.com/errata/RHSA-2017:2491 RedHat Security Advisories: RHSA-2017:2674 https://access.redhat.com/errata/RHSA-2017:2674 RedHat Security Advisories: RHSA-2017:2675 https://access.redhat.com/errata/RHSA-2017:2675 http://www.securitytracker.com/id/1039131 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |