DebianDEBIAN:DLA-1120-1:E5021[SECURITY] [DLA 1120-1] git security update
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.4%
Package : git
Version : 1:1.7.10.4-1+wheezy6
CVE ID : CVE-2017-14867
Debian Bug : 876854
joernchen discovered that the git-cvsserver subcommand of Git, a
distributed version control system, suffers from a shell command
injection vulnerability due to unsafe use of the Perl backtick
operator. The git-cvsserver subcommand is reachable from the
git-shell subcommand even if CVS support has not been configured
(however, the git-cvs package needs to be installed).
For Debian 7 "Wheezy", these problems have been fixed in version
1:1.7.10.4-1+wheezy6.
We recommend that you upgrade your git packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | git-cvs | < 1:2.11.0-3+deb9u2 | git-cvs_1:2.11.0-3+deb9u2_all.deb |
| Debian | 9 | armel | git | < 1:2.11.0-3+deb9u2 | git_1:2.11.0-3+deb9u2_armel.deb |
| Debian | 9 | armhf | git | < 1:2.11.0-3+deb9u2 | git_1:2.11.0-3+deb9u2_armhf.deb |
| Debian | 7 | all | git-svn | < 1:1.7.10.4-1+wheezy6 | git-svn_1:1.7.10.4-1+wheezy6_all.deb |
| Debian | 9 | all | git-doc | < 1:2.11.0-3+deb9u2 | git-doc_1:2.11.0-3+deb9u2_all.deb |
| Debian | 8 | all | gitweb | < 1:2.1.4-2.1+deb8u5 | gitweb_1:2.1.4-2.1+deb8u5_all.deb |
| Debian | 9 | all | git-daemon-run | < 1:2.11.0-3+deb9u2 | git-daemon-run_1:2.11.0-3+deb9u2_all.deb |
| Debian | 9 | all | git | < 1:2.11.0-3+deb9u2 | git_1:2.11.0-3+deb9u2_all.deb |
| Debian | 7 | all | gitweb | < 1:1.7.10.4-1+wheezy6 | gitweb_1:1.7.10.4-1+wheezy6_all.deb |
| Debian | 9 | mipsel | git-dbgsym | < 1:2.11.0-3+deb9u2 | git-dbgsym_1:2.11.0-3+deb9u2_mipsel.deb |
Related
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.4%