ASA-201705-14 generated external raw

[ASA-201705-14] git: access restriction bypass
Arch Linux Security Advisory ASA-201705-14 ========================================== Severity: High Date : 2017-05-12 CVE-ID : CVE-2017-8386 Package : git Type : access restriction bypass Remote : Yes Link : Summary ======= The package git before version 2.13.0-1 is vulnerable to access restriction bypass. Resolution ========== Upgrade to 2.13.0-1. # pacman -Syu "git>=2.13.0-1" The problem has been fixed upstream in version 2.13.0. Workaround ========== None. Description =========== A security issue has been found in git < 2.12.3, allowing a remote restricted user to execute an interactive pager on the server by causing it to spawn "git upload-pack --help". This is only an issue for servers running the "git-shell" restricted login shell. Impact ====== A remote attacker can use the interactive pager commands to access and modify arbitrary files on the affected host. If the login shell used is not git-shell, a remote attacker might also be able to run arbitrary commands on the affected host. References ==========