ALAS2-2018-1136


Amazon Linux 2 Security Advisory: ALAS-2018-1136
Advisory Release Date: 2018-12-18 19:10 Pacific
Advisory Updated Date: 2018-12-19 17:46 Pacific
Severity: Important

Issue Overview:

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. (CVE-2018-19486)
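
A defensive resolution pattern for the behaviour described above, as an added example (not code from Git or from this advisory): a bare command name is looked up only in absolute $PATH entries, and the exec fails if nothing is found rather than handing the unresolved name to execv(), which treats it as a path relative to the current working directory. The function names resolve_in_path and safe_exec and the sample PATH string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Resolve a bare command name against an explicit PATH string.
 * Only absolute PATH entries are searched; empty entries and relative
 * ones such as "." (both mean the current directory) are skipped.
 * Returns 0 and writes the absolute path to out, or -1 if not found.
 */
int resolve_in_path(const char *name, const char *path, char *out, size_t outlen)
{
    struct stat st;

    if (!name || !*name || strchr(name, '/') || !path || outlen == 0)
        return -1;                      /* bare names only */
    while (*path) {
        size_t len = strcspn(path, ":");
        if (len > 0 && path[0] == '/') {
            int n = snprintf(out, outlen, "%.*s/%s", (int)len, path, name);
            if (n > 0 && (size_t)n < outlen && stat(out, &st) == 0 &&
                S_ISREG(st.st_mode) && access(out, X_OK) == 0)
                return 0;               /* regular, executable file */
        }
        path += len;
        if (*path == ':')
            path++;
    }
    out[0] = '\0';
    return -1;
}

/* Exec a bare command name. If lookup fails, report the failure
 * instead of falling back to execv(name, ...), which would run a
 * file of that name from the current working directory. */
int safe_exec(const char *name, char *const argv[], const char *path)
{
    char full[4096];

    if (resolve_in_path(name, path, full, sizeof(full)) != 0)
        return -1;
    return execv(full, argv);           /* returns only on failure */
}

int main(void)
{
    char *argv[] = { "sh", "-c", "echo resolved via PATH", NULL };
    /* constructed PATH: the empty entry and "." are ignored */
    return safe_exec("sh", argv, ":.:/bin:/usr/bin") ? 1 : 0;
}
```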


Affected Packages:

git


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update git to update your system.

New Packages:
aarch64:
    git-2.17.2-2.amzn2.aarch64
    git-core-2.17.2-2.amzn2.aarch64
    git-daemon-2.17.2-2.amzn2.aarch64
    git-subtree-2.17.2-2.amzn2.aarch64
    git-svn-2.17.2-2.amzn2.aarch64
    git-debuginfo-2.17.2-2.amzn2.aarch64

i686:
    git-2.17.2-2.amzn2.i686
    git-core-2.17.2-2.amzn2.i686
    git-daemon-2.17.2-2.amzn2.i686
    git-subtree-2.17.2-2.amzn2.i686
    git-svn-2.17.2-2.amzn2.i686
    git-debuginfo-2.17.2-2.amzn2.i686

noarch:
    git-all-2.17.2-2.amzn2.noarch
    git-core-doc-2.17.2-2.amzn2.noarch
    git-cvs-2.17.2-2.amzn2.noarch
    git-email-2.17.2-2.amzn2.noarch
    gitk-2.17.2-2.amzn2.noarch
    gitweb-2.17.2-2.amzn2.noarch
    git-gui-2.17.2-2.amzn2.noarch
    git-p4-2.17.2-2.amzn2.noarch
    perl-Git-2.17.2-2.amzn2.noarch
    perl-Git-SVN-2.17.2-2.amzn2.noarch

src:
    git-2.17.2-2.amzn2.src

x86_64:
    git-2.17.2-2.amzn2.x86_64
    git-core-2.17.2-2.amzn2.x86_64
    git-daemon-2.17.2-2.amzn2.x86_64
    git-subtree-2.17.2-2.amzn2.x86_64
    git-svn-2.17.2-2.amzn2.x86_64
    git-debuginfo-2.17.2-2.amzn2.x86_64