RHSA-2023:0627: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted .gitattributes file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequently, the failure mode depends on whether the file exists in the working tree, the index, or both. This integer overflow can result in arbitrary heap reads and writes, which may allow remote code execution.
  • CVE-2022-41903: A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in `pretty.c::format_and_pad_commit()`, where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=…`). It may also be triggered indirectly through `git archive` via the export-subst mechanism, which expands format specifiers inside files within the repository during a `git archive`. This integer overflow can result in arbitrary heap writes, which may allow arbitrary code execution.
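
For triage of repositories that were handled before the update was installed, the sketch below audits the raw bytes of a `.gitattributes` blob for the shapes the CVE-2022-23521 description names: lines longer than 2KB, many path patterns, many attributes on one pattern, and many declared attribute names. It is an added example, not code from Git or Red Hat; the 2048-byte figure is this example's reading of "2KB", the three count thresholds are assumed review limits, and `SAMPLE` is constructed input.

```python
from dataclasses import dataclass, field

# From the advisory: the file parser splits lines longer than 2KB,
# the index parser does not. 2048 bytes is this example's reading of "2KB".
LONG_LINE_BYTES = 2048
# Assumptions: review thresholds chosen for this example, not limits taken from Git.
MAX_PATTERNS = 10_000
MAX_ATTRS_PER_PATTERN = 100
MAX_DISTINCT_ATTRS = 1_000


@dataclass
class Report:
    patterns: int = 0
    max_attrs_on_one_pattern: int = 0
    distinct_attr_names: int = 0
    long_lines: list = field(default_factory=list)  # 1-based line numbers
    findings: list = field(default_factory=list)    # human-readable flags


def attr_name(token: bytes) -> bytes:
    """Reduce 'name', '-name', '!name' or 'name=value' to the bare attribute name."""
    if token[:1] in (b"-", b"!"):
        token = token[1:]
    return token.split(b"=", 1)[0]


def audit_gitattributes(blob: bytes) -> Report:
    """Count the quantities named in the advisory for one .gitattributes blob."""
    report = Report()
    names = set()
    for lineno, raw in enumerate(blob.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        # Length is checked on every line, comments included.
        if len(line) > LONG_LINE_BYTES:
            report.long_lines.append(lineno)
        # Whitespace split: a quoted pattern containing spaces is over-counted,
        # which errs on the side of flagging.
        tokens = line.split()
        if not tokens or tokens[0].startswith(b"#"):
            continue
        head, attrs = tokens[0], tokens[1:]
        if head.startswith(b"[attr]"):
            # Macro definition: it declares an attribute name, it is not a path pattern.
            names.add(head[len(b"[attr]"):])
        else:
            report.patterns += 1
            report.max_attrs_on_one_pattern = max(
                report.max_attrs_on_one_pattern, len(attrs))
        names.update(attr_name(t) for t in attrs)
    report.distinct_attr_names = len(names)

    if report.long_lines:
        report.findings.append(
            f"{len(report.long_lines)} line(s) longer than {LONG_LINE_BYTES} bytes, "
            f"first at line {report.long_lines[0]}")
    if report.patterns > MAX_PATTERNS:
        report.findings.append(f"{report.patterns} path patterns")
    if report.max_attrs_on_one_pattern > MAX_ATTRS_PER_PATTERN:
        report.findings.append(
            f"{report.max_attrs_on_one_pattern} attributes on a single pattern")
    if report.distinct_attr_names > MAX_DISTINCT_ATTRS:
        report.findings.append(
            f"{report.distinct_attr_names} distinct attribute names")
    return report


# Constructed sample, not taken from a real repository.
SAMPLE = b"\n".join([
    b"# constructed sample",
    b"*.txt text eol=lf",
    b"*.png -text binary",
    b"[attr]src text diff=cpp",
    b"*.c src " + b" ".join(b"a%d" % i for i in range(150)),
    b"*.bin " + b"x" * 3000,
])

if __name__ == "__main__":
    result = audit_gitattributes(SAMPLE)
    print(result.patterns, result.max_attrs_on_one_pattern,
          result.distinct_attr_names, result.long_lines)
    for finding in result.findings:
        print("FLAG:", finding)
```

Run it over every `.gitattributes` blob in a repository's history rather than only the working-tree copy, since the advisory notes the crafted file may be part of the commit history.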

Synopsis

Important: git security update

Type/Severity

Security Advisory: Important

Description

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

  • git: gitattributes parsing integer overflow (CVE-2022-23521)
  • git: Heap overflow in `git archive`, `git log --format` leading to RCE (CVE-2022-41903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2162055 - CVE-2022-23521 git: gitattributes parsing integer overflow
  • BZ - 2162056 - CVE-2022-41903 git: Heap overflow in `git archive`, `git log --format` leading to RCE

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

git-2.31.1-3.el9_0.src.rpm

Related news

Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo

Atlassian has released updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems. The list of the flaws is below - CVE-2023-22505 (CVSS score: 8.0) - RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 8.3.2 and

Red Hat Security Advisory 2023-1677-01

Red Hat Security Advisory 2023-1677-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow and integer overflow vulnerabilities.

Ubuntu Security Notice USN-5810-4

Ubuntu Security Notice 5810-4 - USN-5810-1 fixed several vulnerabilities in Git. This update provides the corresponding update for Ubuntu 14.04 ESM. Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

RHSA-2023:0977: Red Hat Security Advisory: Red Hat OpenShift Data Science 1.22.1 security update

An update for kubeflow, dashboard, deployer is now available for Red Hat OpenShift Data Science 1.22. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0923: A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

Red Hat Security Advisory 2023-0778-01

Red Hat Security Advisory 2023-0778-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.56.

RHSA-2023:0778: Red Hat Security Advisory: OpenShift Container Platform 4.9.56 security update

Red Hat OpenShift Container Platform release 4.9.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.

RHSA-2023:0769: Red Hat Security Advisory: OpenShift Container Platform 4.12.4 security update

Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total numb...

Red Hat Security Advisory 2023-0802-01

Red Hat Security Advisory 2023-0802-01 - An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important.

RHSA-2023:0802: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functio...

Red Hat Security Advisory 2023-0794-01

Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-0633-01

Red Hat Security Advisory 2023-0633-01 - Logging Subsystem 5.5.7 - Red Hat OpenShift.

RHSA-2023:0794: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.4 bug fixes and security updates

Red Hat Advanced Cluster Management for Kubernetes 2.6.4 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an `__proto__` key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload i...

RHSA-2023:0632: Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

An update is now available for the Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-30123: A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim's terminal.
  • CVE-2022-41717: A flaw was f...

Red Hat Security Advisory 2023-0599-01

Red Hat Security Advisory 2023-0599-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0609-01

Red Hat Security Advisory 2023-0609-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0611-01

Red Hat Security Advisory 2023-0611-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

RHSA-2023:0610: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted `.gitattributes...

RHSA-2023:0596: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via...

RHSA-2023:0597: Red Hat Security Advisory: rh-git227-git security update

An update for rh-git227-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted `.g...

Debian Security Advisory 5332-1

Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users to execute arbitrary commands, leak information from the local filesystem, and bypass restricted shell.

Ubuntu Security Notice USN-5810-2

Ubuntu Security Notice 5810-2 - USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Update now! Two critical flaws in Git's code found, patched

CVE-2022-23521 and CVE-2022-41903 are critical flaws present in Git's code. Thankfully, they’ve been addressed in its latest version. The post Update now! Two critical flaws in Git's code found, patched appeared first on Malwarebytes Labs.

Git Users Urged to Update Software to Prevent Remote Code Execution Attacks

The maintainers of the Git source code version control system have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution. The flaws, tracked as CVE-2022-23521 and CVE-2022-41903, impact the following versions of Git: v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0.

CVE-2022-23521: gitattributes parsing integer overflow

Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequently, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched i...