FEDORA-2017-8ba7572cfd created by tmz 2 years ago for Fedora 25
stable

Resolve an arbitrary code execution vulnerability via crafted "ssh://" URL (CVE-2017-1000117).

From the release announcement:

A malicious third-party can give a crafted "ssh://..." URL to an
unsuspecting victim, and an attempt to visit the URL can result in
any program that exists on the victim's machine being executed.
Such a URL could be placed in the .gitmodules file of a malicious
project, and an unsuspecting victim could be tricked into running
"git clone --recurse-submodules" to trigger the vulnerability.

Credits to find and fix the issue go to Brian Neel at GitLab, Joern
Schneeweisz of Recurity Labs and Jeff King at GitHub.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-8ba7572cfd

This update has been submitted for testing by tmz.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon robbinespu commented & provided feedback 2 years ago
karma

I been waiting for this update. LGTM

BZ#1480386 CVE-2017-1000117 git: Command injection via malicious ssh URLs
User Icon brandongray commented & provided feedback 2 years ago
karma

LGTM

BZ#1480386 CVE-2017-1000117 git: Command injection via malicious ssh URLs
User Icon pwalter commented & provided feedback 2 years ago
karma

Works

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
BZ#1480386 CVE-2017-1000117 git: Command injection via malicious ssh URLs
0
2

Automated Test Results