Apple Security Advisory 2017-09-19-3 - Xcode 9 is now available and addresses code execution and various other vulnerabilities.
b323f39eaec8eb4fc3557dbe54e6dc9f0deb4ab6e1e1465cd32b69c5e7ba3a49
Gentoo Linux Security Advisory 201709-10 - A command injection vulnerability in Git may allow remote attackers to execute arbitrary code. Versions less than 2.13.5 are affected.
e92e20a35f60603bd964dd01bad3a0b018c363015d80f1cea02411d5feff0bcb
Red Hat Security Advisory 2017-2674-01 - Red Hat Mobile Application Platform 4.5 is delivered as a set of Docker-formatted container images.
aa218b6f6c10015ca84e076a9a181086eca3ff4ebef126b5653ecfb133a0b658
Red Hat Security Advisory 2017-2675-01 - Red Hat Mobile Application Platform 4.5 consists of three main components: Core - development and management of apps occurs in the RHMAP Core, which can be installed either in an on-premise installation of OpenShift Container Platform 3.x. MBaaS - Application data, runtimes, and integrations are deployed to the RHMAP MBaaS installed on OpenShift Container Platform 3.x. Build Farm - deployed separately from the Core and the MBaaS, the Build Farm is shared between all instances of RHMAP. Third-party Linux, Windows, and Apple server hosting providers are used to support building client app binaries for all platforms.
93a8a9deae1045cef27272ee7b978c5576edfd1a38095bd0288afbefef04fdeb
SourceTree suffers from multiple remote code execution vulnerabilities that can be triggered via hostile repositories being checked in. SourceTree for macOS versions prior to 2.6.1 and SourceTree for Windows versions prior to 2.1.10 are affected.
1e50b9884995c5b9c544b4aa24ba0de7ea8f777b919770ce1a23e318b7d2c761
This Metasploit module exploits CVE-2017-1000117, which affects Git versions 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This Metasploit module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialized.
c48c626489d0816c8550fa1832a7c70cc94f774c3664902dd69f730db0e3d3e7
Red Hat Security Advisory 2017-2491-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.
352725d74fb95f72e0eb2f1edd747d546b633fd9a8905c9eff78c83dc5aa4586
Red Hat Security Advisory 2017-2485-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.
d0e993b40955de54c4363cfe88cc9625abfe6287b9cdc2adc136bb176b908623
Red Hat Security Advisory 2017-2484-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.
01780fc738a7d8a000cc9b18013845a0836af96d698062475251ad88396d9220
Ubuntu Security Notice 3387-1 - Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in 'ssh://' URLs. A remote attacker could use this to construct a git repository that when accessed could run arbitrary code with the privileges of the user.
2454d1074bcfce4098620dc87e4f3cdd0b6f626dc388f4864442e2b508277d87