RHSA-2023:0597: Red Hat Security Advisory: rh-git227-git security update

An update for rh-git227-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequently, the failure mode depends on whether the file exists in the working tree, the index, or both. This integer overflow can result in arbitrary heap reads and writes, which may allow remote code execution.
  • CVE-2022-41903: A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in `pretty.c::format_and_pad_commit()`, where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=…`). It may also be triggered indirectly through `git archive` via the `export-subst` mechanism, which expands format specifiers inside files within the repository during a `git archive`. This integer overflow can result in arbitrary heap writes, which may allow arbitrary code execution.
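The counting defect described for CVE-2022-23521 above, as an added example that is not Git's code: a minimal gitattributes line parser in C that keeps every count in `size_t` behind an explicit cap and refuses over-long lines the same way whether the content came from a working-tree file or from the index, so the failure mode does not depend on the source. The caps, function names and sample content are constructed for this illustration, not Git's real limits.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Caps are constructed for this illustration; they are not Git's real limits. */
#define MAX_LINE_BYTES      2048   /* the 2KB line length the advisory mentions */
#define MAX_ATTRS_PER_LINE  64
#define MAX_PATTERNS        1024

enum attr_status {
    ATTR_OK = 0,
    ATTR_LINE_TOO_LONG,
    ATTR_TOO_MANY_ATTRS,
    ATTR_TOO_MANY_PATTERNS
};

typedef struct {
    size_t patterns;   /* path patterns accepted so far */
    size_t attrs;      /* attributes accepted across all lines */
    size_t rejected;   /* lines refused by a cap */
} attr_stats;

static int is_ws(char c) { return c == ' ' || c == '\t'; }

/* Parse one line of the form "<pattern> <attr> [<attr> ...]".
 * All counters are size_t and every increment is guarded by a cap, so the
 * counts cannot wrap no matter how many patterns or attributes appear. */
static enum attr_status parse_attr_line(const char *line, size_t len, attr_stats *st)
{
    size_t i = 0, nattrs = 0;

    if (len > MAX_LINE_BYTES) {            /* refuse; never silently split */
        st->rejected++;
        return ATTR_LINE_TOO_LONG;
    }
    while (i < len && is_ws(line[i])) i++;
    if (i == len || line[i] == '#')        /* blank or comment line */
        return ATTR_OK;
    while (i < len && !is_ws(line[i])) i++;   /* first token is the pattern */
    if (st->patterns >= MAX_PATTERNS) {
        st->rejected++;
        return ATTR_TOO_MANY_PATTERNS;
    }
    while (i < len) {                      /* remaining tokens are attributes */
        while (i < len && is_ws(line[i])) i++;
        if (i == len) break;
        if (nattrs >= MAX_ATTRS_PER_LINE) {
            st->rejected++;
            return ATTR_TOO_MANY_ATTRS;
        }
        nattrs++;
        while (i < len && !is_ws(line[i])) i++;
    }
    st->patterns++;
    st->attrs += nattrs;
    return ATTR_OK;
}

/* Parse a whole buffer. The same function serves both sources (working-tree
 * file or index blob), so over-long lines are rejected consistently. */
static attr_stats parse_attr_buffer(const char *buf, size_t n)
{
    attr_stats st = {0, 0, 0};
    size_t start = 0;
    for (size_t i = 0; i <= n; i++) {
        if (i == n || buf[i] == '\n') {
            parse_attr_line(buf + start, i - start, &st);
            start = i + 1;
        }
    }
    return st;
}

int main(void)
{
    /* Constructed sample .gitattributes content. */
    static const char sample[] = "*.c text diff=c\n# comment\n*.bin -text binary\n";
    attr_stats st = parse_attr_buffer(sample, sizeof sample - 1);
    printf("patterns=%zu attrs=%zu rejected=%zu\n", st.patterns, st.attrs, st.rejected);
    return 0;
}
```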

Issued: 2023-02-06

Updated: 2023-02-06

RHSA-2023:0597 - Security Advisory


Synopsis

Important: rh-git227-git security update

Type/Severity

Security Advisory: Important

Topic

An update for rh-git227-git is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

  • git: gitattributes parsing integer overflow (CVE-2022-23521)
  • git: Heap overflow in `git archive`, `git log --format` leading to RCE (CVE-2022-41903)
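For the `size_t`-to-`int` narrowing behind CVE-2022-41903 (a length stored as an `int` and then used as a `memcpy()` offset), an added illustration that is not Git's `format_and_pad_commit()` code: the unsafe narrowing shown as a value beside a padding routine that keeps `size_t` throughout and checks capacity by subtraction. Function names and buffer sizes are assumptions made for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The defect pattern the advisory describes: a size_t length is stored in an
 * int, and that int later becomes a memcpy() offset. Returned as a value so
 * the narrowing itself can be observed without touching any memory. */
static int narrowed_offset_unsafe(size_t len)
{
    int offset = (int)len;   /* for len > INT_MAX the stored offset is wrong */
    return offset;
}

/* Hardened form: stay in size_t, and check capacity by subtraction so that
 * len + pad is never computed where it could wrap. cap excludes the NUL. */
static bool padding_for(size_t len, size_t width, size_t cap, size_t *pad)
{
    if (len > cap)
        return false;                       /* source alone does not fit */
    *pad = width > len ? width - len : 0;   /* cannot underflow */
    if (*pad > cap - len)
        return false;                       /* padded result would exceed cap */
    return true;
}

/* Left-justify src into dst (dst holds cap bytes including the NUL),
 * padding with spaces up to width. Returns false instead of overflowing. */
static bool pad_left_justify(const char *src, size_t width, char *dst, size_t cap)
{
    size_t len = strlen(src), pad;
    if (cap == 0 || !padding_for(len, width, cap - 1, &pad))
        return false;
    memcpy(dst, src, len);
    memset(dst + len, ' ', pad);            /* the offset stays a size_t */
    dst[len + pad] = '\0';
    return true;
}

int main(void)
{
    char out[16];
    if (pad_left_justify("abc", 6, out, sizeof out))
        printf("[%s]\n", out);
    size_t huge = (size_t)INT_MAX + 2;      /* constructed: does not fit in an int */
    printf("narrowed offset for %zu is %d\n", huge, narrowed_offset_unsafe(huge));
    return 0;
}
```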

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

  • BZ - 2162055 - CVE-2022-23521 git: gitattributes parsing integer overflow
  • BZ - 2162056 - CVE-2022-41903 git: Heap overflow in `git archive`, `git log --format` leading to RCE

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM

  • rh-git227-git-2.27.0-4.el7.src.rpm

x86_64

  • rh-git227-git-2.27.0-4.el7.x86_64.rpm
  • rh-git227-git-all-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-core-2.27.0-4.el7.x86_64.rpm
  • rh-git227-git-core-doc-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-credential-libsecret-2.27.0-4.el7.x86_64.rpm
  • rh-git227-git-cvs-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-daemon-2.27.0-4.el7.x86_64.rpm
  • rh-git227-git-debuginfo-2.27.0-4.el7.x86_64.rpm
  • rh-git227-git-email-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-gui-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-instaweb-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-p4-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-subtree-2.27.0-4.el7.x86_64.rpm
  • rh-git227-git-svn-2.27.0-4.el7.noarch.rpm
  • rh-git227-gitk-2.27.0-4.el7.noarch.rpm
  • rh-git227-gitweb-2.27.0-4.el7.noarch.rpm
  • rh-git227-perl-Git-2.27.0-4.el7.noarch.rpm
  • rh-git227-perl-Git-SVN-2.27.0-4.el7.noarch.rpm

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM

  • rh-git227-git-2.27.0-4.el7.src.rpm

s390x

  • rh-git227-git-2.27.0-4.el7.s390x.rpm
  • rh-git227-git-all-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-core-2.27.0-4.el7.s390x.rpm
  • rh-git227-git-core-doc-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-credential-libsecret-2.27.0-4.el7.s390x.rpm
  • rh-git227-git-cvs-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-daemon-2.27.0-4.el7.s390x.rpm
  • rh-git227-git-debuginfo-2.27.0-4.el7.s390x.rpm
  • rh-git227-git-email-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-gui-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-instaweb-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-p4-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-subtree-2.27.0-4.el7.s390x.rpm
  • rh-git227-git-svn-2.27.0-4.el7.noarch.rpm
  • rh-git227-gitk-2.27.0-4.el7.noarch.rpm
  • rh-git227-gitweb-2.27.0-4.el7.noarch.rpm
  • rh-git227-perl-Git-2.27.0-4.el7.noarch.rpm
  • rh-git227-perl-Git-SVN-2.27.0-4.el7.noarch.rpm

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7

SRPM

  • rh-git227-git-2.27.0-4.el7.src.rpm

ppc64le

  • rh-git227-git-2.27.0-4.el7.ppc64le.rpm
  • rh-git227-git-all-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-core-2.27.0-4.el7.ppc64le.rpm
  • rh-git227-git-core-doc-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-credential-libsecret-2.27.0-4.el7.ppc64le.rpm
  • rh-git227-git-cvs-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-daemon-2.27.0-4.el7.ppc64le.rpm
  • rh-git227-git-debuginfo-2.27.0-4.el7.ppc64le.rpm
  • rh-git227-git-email-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-gui-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-instaweb-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-p4-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-subtree-2.27.0-4.el7.ppc64le.rpm
  • rh-git227-git-svn-2.27.0-4.el7.noarch.rpm
  • rh-git227-gitk-2.27.0-4.el7.noarch.rpm
  • rh-git227-gitweb-2.27.0-4.el7.noarch.rpm
  • rh-git227-perl-Git-2.27.0-4.el7.noarch.rpm
  • rh-git227-perl-Git-SVN-2.27.0-4.el7.noarch.rpm

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM

  • rh-git227-git-2.27.0-4.el7.src.rpm

x86_64

  • rh-git227-git-2.27.0-4.el7.x86_64.rpm
  • rh-git227-git-all-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-core-2.27.0-4.el7.x86_64.rpm
  • rh-git227-git-core-doc-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-credential-libsecret-2.27.0-4.el7.x86_64.rpm
  • rh-git227-git-cvs-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-daemon-2.27.0-4.el7.x86_64.rpm
  • rh-git227-git-debuginfo-2.27.0-4.el7.x86_64.rpm
  • rh-git227-git-email-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-gui-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-instaweb-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-p4-2.27.0-4.el7.noarch.rpm
  • rh-git227-git-subtree-2.27.0-4.el7.x86_64.rpm
  • rh-git227-git-svn-2.27.0-4.el7.noarch.rpm
  • rh-git227-gitk-2.27.0-4.el7.noarch.rpm
  • rh-git227-gitweb-2.27.0-4.el7.noarch.rpm
  • rh-git227-perl-Git-2.27.0-4.el7.noarch.rpm
  • rh-git227-perl-Git-SVN-2.27.0-4.el7.noarch.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-0923

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

RHSA-2023:1428: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2022-24999: A flaw was found in the express.js npm package. Express.js Express is vulnerable to a d...

Red Hat Security Advisory 2023-0895-01

Red Hat Security Advisory 2023-0895-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2023:0934: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.0.1 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to...

RHSA-2023:0774: Red Hat Security Advisory: OpenShift Container Platform 4.11.28 security update

Red Hat OpenShift Container Platform release 4.11.28 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issu...

RHSA-2023:0769: Red Hat Security Advisory: OpenShift Container Platform 4.12.4 security update

Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total numb...

Red Hat Security Advisory 2023-0803-01

Red Hat Security Advisory 2023-0803-01 - An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important.

Red Hat Security Advisory 2023-0804-01

Red Hat Security Advisory 2023-0804-01 - An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important.

RHSA-2023:0804: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functio...

RHSA-2023:0803: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functio...

RHSA-2023:0802: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functio...

Red Hat Security Advisory 2023-0794-01

Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-0698-01

Red Hat Security Advisory 2023-0698-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.52.

Red Hat Security Advisory 2023-0632-01

Red Hat Security Advisory 2023-0632-01 - Logging Subsystem 5.4.11 - Red Hat OpenShift.

RHSA-2023:0698: Red Hat Security Advisory: OpenShift Container Platform 4.10.52 security update

Red Hat OpenShift Container Platform release 4.10.52 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.

Red Hat Security Advisory 2023-0627-01

Red Hat Security Advisory 2023-0627-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0628-01

Red Hat Security Advisory 2023-0628-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0599-01

Red Hat Security Advisory 2023-0599-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0596-01

Red Hat Security Advisory 2023-0596-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0609-01

Red Hat Security Advisory 2023-0609-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0610-01

Red Hat Security Advisory 2023-0610-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0611-01

Red Hat Security Advisory 2023-0611-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

RHSA-2023:0627: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via...

RHSA-2023:0610: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted `.gitattributes...

RHSA-2023:0611: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted `.gitattributes...

RHSA-2023:0609: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there i...

RHSA-2023:0599: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be tri...

Debian Security Advisory 5332-1

Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, trick local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shells.

Ubuntu Security Notice USN-5810-2

Ubuntu Security Notice 5810-2 - USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Update now! Two critical flaws in Git's code found, patched

CVE-2022-23521 and CVE-2022-41903 are critical flaws present in Git's code. Thankfully, they've been addressed in its latest version. The post Update now! Two critical flaws in Git's code found, patched appeared first on Malwarebytes Labs.

Ubuntu Security Notice USN-5810-1

Ubuntu Security Notice 5810-1 - Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Git Users Urged to Update Software to Prevent Remote Code Execution Attacks

The maintainers of the Git source code version control system have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution. The flaws, tracked as CVE-2022-23521 and CVE-2022-41903, impact the following versions of Git: v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0.

CVE-2022-41903: Heap overflow in `git archive`, `git log --format` leading to RCE

Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to u...

CVE-2022-23521: gitattributes parsing integer overflow

Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequently, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched i...