Red Hat Product Errata RHSA-2017:2491 - Security Advisory

Issued: 2017-08-17
Updated: 2017-08-17

Synopsis

Important: rh-git29-git security update

Type/Severity

Security Advisory: Important

Topic

An update for rh-git29-git is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

  • A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)
  • A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64

Fixes

  • BZ - 1450407 - CVE-2017-8386 git: Escape out of git-shell
  • BZ - 1480386 - CVE-2017-1000117 git: Command injection via malicious ssh URLs

CVEs

  • CVE-2017-1000117
  • CVE-2017-8386

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
