openSUSE Security Update : git-annex (openSUSE-2017-986)
Medium Nessus Plugin ID 102848
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for git-annex fixes the following issues :
- CVE-2017-12976: Disallow hostname starting with a dash, which would get passed to ssh and be treated an option.
This could be used by an attacker who provides a crafted repository url to cause the victim to execute arbitrary code via -oProxyCommand. (boo#1054653).
SolutionUpdate the affected git-annex packages.