Amazon Linux 1 Security Advisory: ALAS-2017-882
Advisory Release Date: 2017-08-31 16:00 Pacific
Advisory Updated Date: 2017-08-31 23:09 Pacific
Command injection via malicious ssh URLs:
A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)
Affected Packages:
git
Issue Correction:
Run yum update git to update your system.
i686:
git-2.13.5-1.53.amzn1.i686
git-daemon-2.13.5-1.53.amzn1.i686
git-debuginfo-2.13.5-1.53.amzn1.i686
git-svn-2.13.5-1.53.amzn1.i686
noarch:
git-email-2.13.5-1.53.amzn1.noarch
git-bzr-2.13.5-1.53.amzn1.noarch
git-p4-2.13.5-1.53.amzn1.noarch
git-cvs-2.13.5-1.53.amzn1.noarch
emacs-git-el-2.13.5-1.53.amzn1.noarch
git-all-2.13.5-1.53.amzn1.noarch
git-hg-2.13.5-1.53.amzn1.noarch
perl-Git-SVN-2.13.5-1.53.amzn1.noarch
gitweb-2.13.5-1.53.amzn1.noarch
emacs-git-2.13.5-1.53.amzn1.noarch
perl-Git-2.13.5-1.53.amzn1.noarch
src:
git-2.13.5-1.53.amzn1.src
x86_64:
git-daemon-2.13.5-1.53.amzn1.x86_64
git-2.13.5-1.53.amzn1.x86_64
git-debuginfo-2.13.5-1.53.amzn1.x86_64
git-svn-2.13.5-1.53.amzn1.x86_64
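
To confirm the update reached every host, the following added example (not part of the original advisory) flags installed packages from the list above that are still older than 2.13.5-1.53.amzn1. The version comparison is a simplified form of RPM's ordering, and the inventory lines are constructed sample data.

```python
import re

# Fixed build and package names are taken from this advisory.
FIXED_VERSION, FIXED_RELEASE = "2.13.5", "1.53.amzn1"
ADVISORY_PACKAGES = {
    "git", "git-daemon", "git-debuginfo", "git-svn", "git-email", "git-bzr",
    "git-p4", "git-cvs", "git-all", "git-hg", "gitweb", "emacs-git",
    "emacs-git-el", "perl-Git", "perl-Git-SVN",
}

def vercmp(a, b):
    """Simplified rpmvercmp: no epoch, '~' or '^' handling (assumption)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks letters
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(nvra):
    """'git-svn-2.13.5-1.53.amzn1.x86_64' -> (name, version, release, arch)."""
    rest, arch = nvra.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return name, version, release, arch

def needs_update(nvra):
    """True if the package is listed in the advisory and older than the fix."""
    name, version, release, _ = parse_nvra(nvra)
    if name not in ADVISORY_PACKAGES:
        return False
    return (vercmp(version, FIXED_VERSION) or vercmp(release, FIXED_RELEASE)) < 0

# Constructed inventory lines, shaped like the output of:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
SAMPLE_INVENTORY = [
    "git-2.7.4-1.47.amzn1.x86_64",          # older version: flagged
    "git-daemon-2.13.5-1.52.amzn1.x86_64",  # same version, older release: flagged
    "perl-Git-2.13.5-1.53.amzn1.noarch",    # fixed build
    "openssh-7.4p1-11.68.amzn1.x86_64",     # not covered by this advisory
]

def outdated(inventory):
    return [p for p in inventory if needs_update(p)]

if __name__ == "__main__":
    for pkg in outdated(SAMPLE_INVENTORY):
        print("needs yum update:", pkg)
```

Numeric segments are compared as integers, so 2.7.4 correctly sorts below 2.13.5 where a plain string comparison would not.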