Debian Security Advisory 4145-1

Debian Security Advisory 4145-1: Posted Mar 18, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4145-1 - Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2017-0915, CVE-2017-0916, CVE-2017-0917, CVE-2017-0918, CVE-2017-0925, CVE-2017-0926, CVE-2018-3710; SHA-256 | 518f44127739d467e796a35129fc93ac07e411e607747324f024e15b1859c12c; Download | Favorite | View

Debian Security Advisory 4145-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4145-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 18, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gitlab
CVE ID         : CVE-2017-0915 CVE-2017-0916 CVE-2017-0917 CVE-2017-0918 
                 CVE-2017-0925 CVE-2017-0926 CVE-2018-3710

Several vulnerabilities have been discovered in Gitlab, a software
platform to collaborate on code:

CVE-2017-0915 / CVE-2018-3710

    Arbitrary code execution in project import.

CVE-2017-0916

    Command injection via Webhooks.

CVE-2017-0917

    Cross-site scripting in CI job output.

CVE-2017-0918

    Insufficient restriction of CI runner for project cache access.

CVE-2017-0925

    Information disclosure in Services API.

CVE-2017-0926

    Restrictions for disabled OAuth providers could be bypassed.

For the stable distribution (stretch), these problems have been fixed in
version 8.13.11+dfsg1-8+deb9u1.

We recommend that you upgrade your gitlab packages.

For the detailed security status of gitlab please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gitlab

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlqutO4ACgkQEMKTtsN8
TjZjnQ/+KTZ1TKXjhz4YPdXRQU+omJ4tENM5G7Ayn5PosyTqzWA2SvNUmT9wDsi8
Y5xr2sw9jMoFzpv95sh8A1KRaaV1flDCnO/qIF7hN/6Wz1PZj1yZJRfzxZCNYlc/
Q1HXUFhVun8wTatlu/GC80GE39k/13hXYfZCLp9HPz//2aC8iNsF2KuRn9zyFPy6
PqpE1ZObcgagwG46JMrvB/bsQ+CRvasupOhhDkkl6+w5Mb5MECU+N2gl347BKGvg
InPoCsc2cihMaBMWtAQzr+C1NQyuKeLnK8BBTcxm72d4Ulcnnk03EK+wZDFY0/mN
rCUaxcmqC9DSHs/nIccWKVNRFpIXevX46QXZ/APbIgDAmDRaj2XYYM7GB3EkH0tE
GD9Tg3DK0PY4a9DO3yjA6OoHibtA58nNhFOwJEcpTbN72BhgL0kk5F8bjAeO14k0
TWHzH9QA/2GsJOczEHsoCsm4VxG3TIlEQh4/lYfCDLbpCT6JPjRJrtD23ANdnRZC
eccj+VWpt+M2sscjK6EfPqqEl+Ne+BQynGrCgIgCNKISyezHiXpaxycglQHunquk
d3eyEdw4/4CDmS5rBtw0LxVqEPmQsPe06Z9jsLb8dVAacPgXjTpufh4PvmFbQx+E
bnKue3Mr1Jkibb1v3cxmC6JHTc29JSn545veqvN3HnNQFq0E2FY=
=G7QV
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 85 files
indoushka 77 files
Jasper Nota 25 files
Gentoo 22 files
Debian 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,096)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,553)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,689)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,482)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,736)
UNIX (9,435)
UnixWare (187)
Windows (6,671)
Other

Debian Security Advisory 4145-1

Debian Security Advisory 4145-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4145-1

Share This

Debian Security Advisory 4145-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems