RHSA-2023:0596: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted .gitattributes file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequently, the failure mode depends on whether the file exists in the working tree, the index, or both. This integer overflow can result in arbitrary heap reads and writes, which may allow remote code execution.
  • CVE-2022-41903: A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in `pretty.c::format_and_pad_commit()`, where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=…`). It may also be triggered indirectly through `git archive` via the export-subst mechanism, which expands format specifiers inside files within the repository during a `git archive`. This integer overflow can result in arbitrary heap writes, which may allow arbitrary code execution.
Red Hat Security Data

Synopsis

Important: git security update

Type/Severity

Security Advisory: Important

Topic

An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

  • git: gitattributes parsing integer overflow (CVE-2022-23521)
  • git: Heap overflow in `git archive`, `git log --format` leading to RCE (CVE-2022-41903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
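A triage aid for the two trigger inputs described under Related CVEs, added here as an example and not code from Red Hat or the Git project: it scans `.gitattributes` content for lines past the 2KB boundary, unusually large pattern or attribute counts, and paths marked `export-subst`. The count thresholds and all function names are assumptions of this example, and a finding marks a file worth reviewing on hosts that do not yet have the update, not proof of a malicious repository.

```python
"""Triage .gitattributes content for the inputs named in the advisory."""
from dataclasses import dataclass

MAX_LINE_BYTES = 2048  # the 2KB line boundary mentioned in the advisory text
# Assumed review thresholds (not from the advisory); tune per environment.
MAX_PATTERNS = 10_000
MAX_ATTRS_PER_PATTERN = 100
MAX_ATTR_NAMES = 1_000


@dataclass
class Finding:
    line_no: int  # 1-based; 0 means the finding is about the whole file
    rule: str
    detail: str


def split_rule(line: bytes):
    """Return (pattern, [attrs]) for a rule line, or None for blank/comment lines."""
    text = line.decode("utf-8", errors="replace").strip()
    if not text or text.startswith("#"):
        return None
    if text.startswith('"'):
        # Quoted pattern: scan to the closing quote, skipping backslash escapes.
        i = 1
        while i < len(text) and text[i] != '"':
            i += 2 if text[i] == "\\" else 1
        pattern, rest = text[: i + 1], text[i + 1:]
    else:
        parts = text.split(None, 1)
        pattern, rest = parts[0], parts[1] if len(parts) > 1 else ""
    return pattern, rest.split()


def audit_gitattributes(data: bytes, *, max_patterns=MAX_PATTERNS,
                        max_attrs=MAX_ATTRS_PER_PATTERN,
                        max_names=MAX_ATTR_NAMES):
    """Return a list of Finding objects for one .gitattributes blob."""
    findings, names, patterns = [], set(), 0
    for line_no, line in enumerate(data.split(b"\n"), start=1):
        if len(line) > MAX_LINE_BYTES:
            findings.append(Finding(line_no, "long-line", f"{len(line)} bytes"))
        rule = split_rule(line)
        if rule is None:
            continue
        pattern, attrs = rule
        patterns += 1
        if len(attrs) > max_attrs:
            findings.append(
                Finding(line_no, "many-attrs", f"{len(attrs)} attributes"))
        for attr in attrs:
            # Attribute forms: name, -name, !name, name=value.
            names.add(attr.lstrip("-!").split("=", 1)[0])
            if attr == "export-subst":  # set form only; "-export-subst" unsets it
                findings.append(Finding(line_no, "export-subst", pattern))
    if patterns > max_patterns:
        findings.append(Finding(0, "many-patterns", f"{patterns} pattern lines"))
    if len(names) > max_names:
        findings.append(Finding(0, "many-attr-names", f"{len(names)} names"))
    return findings


# Constructed sample input, not taken from any real repository.
SAMPLE = b"\n".join([
    b"# constructed sample",
    b"*.c text diff=cpp",
    b'"docs/release notes.txt" export-subst',
    b"VERSION export-subst",
    b"*.bin -text -diff",
    b"vendor/* " + b" ".join(b"a%d" % i for i in range(300)),
    b"*.dat " + b"x" * 3000,
])

if __name__ == "__main__":
    for f in audit_gitattributes(SAMPLE):
        print(f"line {f.line_no}: {f.rule}: {f.detail[:60]}")
```

Because the advisory notes that parsing differs between the working tree and the index, run the check on both copies, for example the file on disk and the output of `git show :.gitattributes`.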

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2162055 - CVE-2022-23521 git: gitattributes parsing integer overflow
  • BZ - 2162056 - CVE-2022-41903 git: Heap overflow in `git archive`, `git log --format` leading to RCE

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM

git-2.27.0-3.el8_4.src.rpm

x86_64

git-2.27.0-3.el8_4.x86_64.rpm

git-all-2.27.0-3.el8_4.noarch.rpm

git-core-2.27.0-3.el8_4.x86_64.rpm

git-core-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-core-doc-2.27.0-3.el8_4.noarch.rpm

git-credential-libsecret-2.27.0-3.el8_4.x86_64.rpm

git-credential-libsecret-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-daemon-2.27.0-3.el8_4.x86_64.rpm

git-daemon-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-debugsource-2.27.0-3.el8_4.x86_64.rpm

git-email-2.27.0-3.el8_4.noarch.rpm

git-gui-2.27.0-3.el8_4.noarch.rpm

git-instaweb-2.27.0-3.el8_4.noarch.rpm

git-subtree-2.27.0-3.el8_4.x86_64.rpm

git-svn-2.27.0-3.el8_4.noarch.rpm

gitk-2.27.0-3.el8_4.noarch.rpm

gitweb-2.27.0-3.el8_4.noarch.rpm

perl-Git-2.27.0-3.el8_4.noarch.rpm

perl-Git-SVN-2.27.0-3.el8_4.noarch.rpm

Red Hat Enterprise Linux Server - AUS 8.4

SRPM

git-2.27.0-3.el8_4.src.rpm

x86_64

git-2.27.0-3.el8_4.x86_64.rpm

git-all-2.27.0-3.el8_4.noarch.rpm

git-core-2.27.0-3.el8_4.x86_64.rpm

git-core-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-core-doc-2.27.0-3.el8_4.noarch.rpm

git-credential-libsecret-2.27.0-3.el8_4.x86_64.rpm

git-credential-libsecret-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-daemon-2.27.0-3.el8_4.x86_64.rpm

git-daemon-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-debugsource-2.27.0-3.el8_4.x86_64.rpm

git-email-2.27.0-3.el8_4.noarch.rpm

git-gui-2.27.0-3.el8_4.noarch.rpm

git-instaweb-2.27.0-3.el8_4.noarch.rpm

git-subtree-2.27.0-3.el8_4.x86_64.rpm

git-svn-2.27.0-3.el8_4.noarch.rpm

gitk-2.27.0-3.el8_4.noarch.rpm

gitweb-2.27.0-3.el8_4.noarch.rpm

perl-Git-2.27.0-3.el8_4.noarch.rpm

perl-Git-SVN-2.27.0-3.el8_4.noarch.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM

git-2.27.0-3.el8_4.src.rpm

s390x

git-2.27.0-3.el8_4.s390x.rpm

git-all-2.27.0-3.el8_4.noarch.rpm

git-core-2.27.0-3.el8_4.s390x.rpm

git-core-debuginfo-2.27.0-3.el8_4.s390x.rpm

git-core-doc-2.27.0-3.el8_4.noarch.rpm

git-credential-libsecret-2.27.0-3.el8_4.s390x.rpm

git-credential-libsecret-debuginfo-2.27.0-3.el8_4.s390x.rpm

git-daemon-2.27.0-3.el8_4.s390x.rpm

git-daemon-debuginfo-2.27.0-3.el8_4.s390x.rpm

git-debuginfo-2.27.0-3.el8_4.s390x.rpm

git-debugsource-2.27.0-3.el8_4.s390x.rpm

git-email-2.27.0-3.el8_4.noarch.rpm

git-gui-2.27.0-3.el8_4.noarch.rpm

git-instaweb-2.27.0-3.el8_4.noarch.rpm

git-subtree-2.27.0-3.el8_4.s390x.rpm

git-svn-2.27.0-3.el8_4.noarch.rpm

gitk-2.27.0-3.el8_4.noarch.rpm

gitweb-2.27.0-3.el8_4.noarch.rpm

perl-Git-2.27.0-3.el8_4.noarch.rpm

perl-Git-SVN-2.27.0-3.el8_4.noarch.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM

git-2.27.0-3.el8_4.src.rpm

ppc64le

git-2.27.0-3.el8_4.ppc64le.rpm

git-all-2.27.0-3.el8_4.noarch.rpm

git-core-2.27.0-3.el8_4.ppc64le.rpm

git-core-debuginfo-2.27.0-3.el8_4.ppc64le.rpm

git-core-doc-2.27.0-3.el8_4.noarch.rpm

git-credential-libsecret-2.27.0-3.el8_4.ppc64le.rpm

git-credential-libsecret-debuginfo-2.27.0-3.el8_4.ppc64le.rpm

git-daemon-2.27.0-3.el8_4.ppc64le.rpm

git-daemon-debuginfo-2.27.0-3.el8_4.ppc64le.rpm

git-debuginfo-2.27.0-3.el8_4.ppc64le.rpm

git-debugsource-2.27.0-3.el8_4.ppc64le.rpm

git-email-2.27.0-3.el8_4.noarch.rpm

git-gui-2.27.0-3.el8_4.noarch.rpm

git-instaweb-2.27.0-3.el8_4.noarch.rpm

git-subtree-2.27.0-3.el8_4.ppc64le.rpm

git-svn-2.27.0-3.el8_4.noarch.rpm

gitk-2.27.0-3.el8_4.noarch.rpm

gitweb-2.27.0-3.el8_4.noarch.rpm

perl-Git-2.27.0-3.el8_4.noarch.rpm

perl-Git-SVN-2.27.0-3.el8_4.noarch.rpm

Red Hat Enterprise Linux Server - TUS 8.4

SRPM

git-2.27.0-3.el8_4.src.rpm

x86_64

git-2.27.0-3.el8_4.x86_64.rpm

git-all-2.27.0-3.el8_4.noarch.rpm

git-core-2.27.0-3.el8_4.x86_64.rpm

git-core-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-core-doc-2.27.0-3.el8_4.noarch.rpm

git-credential-libsecret-2.27.0-3.el8_4.x86_64.rpm

git-credential-libsecret-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-daemon-2.27.0-3.el8_4.x86_64.rpm

git-daemon-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-debugsource-2.27.0-3.el8_4.x86_64.rpm

git-email-2.27.0-3.el8_4.noarch.rpm

git-gui-2.27.0-3.el8_4.noarch.rpm

git-instaweb-2.27.0-3.el8_4.noarch.rpm

git-subtree-2.27.0-3.el8_4.x86_64.rpm

git-svn-2.27.0-3.el8_4.noarch.rpm

gitk-2.27.0-3.el8_4.noarch.rpm

gitweb-2.27.0-3.el8_4.noarch.rpm

perl-Git-2.27.0-3.el8_4.noarch.rpm

perl-Git-SVN-2.27.0-3.el8_4.noarch.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM

git-2.27.0-3.el8_4.src.rpm

aarch64

git-2.27.0-3.el8_4.aarch64.rpm

git-all-2.27.0-3.el8_4.noarch.rpm

git-core-2.27.0-3.el8_4.aarch64.rpm

git-core-debuginfo-2.27.0-3.el8_4.aarch64.rpm

git-core-doc-2.27.0-3.el8_4.noarch.rpm

git-credential-libsecret-2.27.0-3.el8_4.aarch64.rpm

git-credential-libsecret-debuginfo-2.27.0-3.el8_4.aarch64.rpm

git-daemon-2.27.0-3.el8_4.aarch64.rpm

git-daemon-debuginfo-2.27.0-3.el8_4.aarch64.rpm

git-debuginfo-2.27.0-3.el8_4.aarch64.rpm

git-debugsource-2.27.0-3.el8_4.aarch64.rpm

git-email-2.27.0-3.el8_4.noarch.rpm

git-gui-2.27.0-3.el8_4.noarch.rpm

git-instaweb-2.27.0-3.el8_4.noarch.rpm

git-subtree-2.27.0-3.el8_4.aarch64.rpm

git-svn-2.27.0-3.el8_4.noarch.rpm

gitk-2.27.0-3.el8_4.noarch.rpm

gitweb-2.27.0-3.el8_4.noarch.rpm

perl-Git-2.27.0-3.el8_4.noarch.rpm

perl-Git-SVN-2.27.0-3.el8_4.noarch.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM

git-2.27.0-3.el8_4.src.rpm

ppc64le

git-2.27.0-3.el8_4.ppc64le.rpm

git-all-2.27.0-3.el8_4.noarch.rpm

git-core-2.27.0-3.el8_4.ppc64le.rpm

git-core-debuginfo-2.27.0-3.el8_4.ppc64le.rpm

git-core-doc-2.27.0-3.el8_4.noarch.rpm

git-credential-libsecret-2.27.0-3.el8_4.ppc64le.rpm

git-credential-libsecret-debuginfo-2.27.0-3.el8_4.ppc64le.rpm

git-daemon-2.27.0-3.el8_4.ppc64le.rpm

git-daemon-debuginfo-2.27.0-3.el8_4.ppc64le.rpm

git-debuginfo-2.27.0-3.el8_4.ppc64le.rpm

git-debugsource-2.27.0-3.el8_4.ppc64le.rpm

git-email-2.27.0-3.el8_4.noarch.rpm

git-gui-2.27.0-3.el8_4.noarch.rpm

git-instaweb-2.27.0-3.el8_4.noarch.rpm

git-subtree-2.27.0-3.el8_4.ppc64le.rpm

git-svn-2.27.0-3.el8_4.noarch.rpm

gitk-2.27.0-3.el8_4.noarch.rpm

gitweb-2.27.0-3.el8_4.noarch.rpm

perl-Git-2.27.0-3.el8_4.noarch.rpm

perl-Git-SVN-2.27.0-3.el8_4.noarch.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM

git-2.27.0-3.el8_4.src.rpm

x86_64

git-2.27.0-3.el8_4.x86_64.rpm

git-all-2.27.0-3.el8_4.noarch.rpm

git-core-2.27.0-3.el8_4.x86_64.rpm

git-core-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-core-doc-2.27.0-3.el8_4.noarch.rpm

git-credential-libsecret-2.27.0-3.el8_4.x86_64.rpm

git-credential-libsecret-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-daemon-2.27.0-3.el8_4.x86_64.rpm

git-daemon-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-debuginfo-2.27.0-3.el8_4.x86_64.rpm

git-debugsource-2.27.0-3.el8_4.x86_64.rpm

git-email-2.27.0-3.el8_4.noarch.rpm

git-gui-2.27.0-3.el8_4.noarch.rpm

git-instaweb-2.27.0-3.el8_4.noarch.rpm

git-subtree-2.27.0-3.el8_4.x86_64.rpm

git-svn-2.27.0-3.el8_4.noarch.rpm

gitk-2.27.0-3.el8_4.noarch.rpm

gitweb-2.27.0-3.el8_4.noarch.rpm

perl-Git-2.27.0-3.el8_4.noarch.rpm

perl-Git-SVN-2.27.0-3.el8_4.noarch.rpm

Related news

Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo

Atlassian has released updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems. The list of the flaws is below - CVE-2023-22505 (CVSS score: 8.0) - RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 8.3.2 and

Red Hat Security Advisory 2023-1677-01

Red Hat Security Advisory 2023-1677-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-1158-01

Red Hat Security Advisory 2023-1158-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.31. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-5810-4

Ubuntu Security Notice 5810-4 - USN-5810-1 fixed several vulnerabilities in Git. This update provides the corresponding update for Ubuntu 14.04 ESM. Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Red Hat Security Advisory 2023-0978-01

Red Hat Security Advisory 2023-0978-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

RHSA-2023:0934: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.0.1 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to...

RHSA-2023:0778: Red Hat Security Advisory: OpenShift Container Platform 4.9.56 security update

Red Hat OpenShift Container Platform release 4.9.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.

RHSA-2023:0769: Red Hat Security Advisory: OpenShift Container Platform 4.12.4 security update

Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total numb...

Red Hat Security Advisory 2023-0803-01

Red Hat Security Advisory 2023-0803-01 - An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important.

Red Hat Security Advisory 2023-0804-01

Red Hat Security Advisory 2023-0804-01 - An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important.

RHSA-2023:0802: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functio...

Red Hat Security Advisory 2023-0794-01

Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-0698-01

Red Hat Security Advisory 2023-0698-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.52.

RHSA-2023:0794: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.4 bug fixes and security updates

Red Hat Advanced Cluster Management for Kubernetes 2.6.4 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because a `__proto__` key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload i...

RHSA-2023:0632: Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

An update is now available for the Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-30123: A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim's terminal.
  • CVE-2022-41717: A flaw was f...

Red Hat Security Advisory 2023-0596-01

Red Hat Security Advisory 2023-0596-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0610-01

Red Hat Security Advisory 2023-0610-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0611-01

Red Hat Security Advisory 2023-0611-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

RHSA-2023:0627: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via...

RHSA-2023:0610: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted `.gitattributes...

RHSA-2023:0611: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted `.gitattributes...

RHSA-2023:0609: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there i...

RHSA-2023:0599: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be tri...

Debian Security Advisory 5332-1

Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users to execute arbitrary commands, leak information from the local filesystem, and bypass restricted shell.

Ubuntu Security Notice USN-5810-2

Ubuntu Security Notice 5810-2 - USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Update now! Two critical flaws in Git's code found, patched

CVE-2022-23521 and CVE-2022-41903 are critical flaws present in Git's code. Thankfully, they’ve been addressed in its latest version. The post Update now! Two critical flaws in Git's code found, patched appeared first on Malwarebytes Labs.

Ubuntu Security Notice USN-5810-1

Ubuntu Security Notice 5810-1 - Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Git Users Urged to Update Software to Prevent Remote Code Execution Attacks

The maintainers of the Git source code version control system have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution. The flaws, tracked as CVE-2022-23521 and CVE-2022-41903, impact the following versions of Git: v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0.

CVE-2022-23521: gitattributes parsing integer overflow

Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched i...

CVE-2022-41903: Heap overflow in `git archive`, `git log --format` leading to RCE

Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to u...