Headline
RHSA-2023:3263: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.
- CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.
Synopsis
Important: git security update
Type/Severity
Security Advisory: Important
Topic
An update for git is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):
- git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (CVE-2023-25652)
- git: arbitrary configuration injection when renaming or deleting a section from a configuration file (CVE-2023-29007)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2188333 - CVE-2023-25652 git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents
- BZ - 2188338 - CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file
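An added example, not part of Red Hat's advisory: a check that flags installed packages from this advisory that are older than the fixed build 1.8.3.1-25.el7_9. It assumes input lines in the form produced by `rpm -qa --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n'`; the sample lines and function names are constructed for illustration, and the version comparison does not handle `~` or `^`, which do not occur in these package versions.

```python
import re

# Fixed build from this advisory; every binary package is built from
# git-1.8.3.1-25.el7_9.src.rpm, so they all share this version-release.
FIXED_EVR = (0, "1.8.3.1", "25.el7_9")

# Binary package names listed in the advisory.
ADVISORY_PACKAGES = {
    "emacs-git", "emacs-git-el", "git", "git-all", "git-bzr", "git-cvs",
    "git-daemon", "git-debuginfo", "git-email", "git-gnome-keyring",
    "git-gui", "git-hg", "git-instaweb", "git-p4", "git-svn", "gitk",
    "gitweb", "perl-Git", "perl-Git-SVN",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm does.

    Returns 1 if a is newer, -1 if b is newer, 0 if equal.
    Simplification (assumption): '~' and '^' are not handled.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        # A numeric segment is always newer than an alphabetic one.
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare ignores leading zeros
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def parse_evr(evr):
    """Split 'epoch:version-release' into (epoch, version, release).

    rpm prints '(none)' for a package without an epoch; treat it as 0.
    """
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.rpartition("-")
    return (0 if epoch == "(none)" else int(epoch), version, release)


def evr_cmp(a, b):
    """Compare two (epoch, version, release) tuples; epoch wins first."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])


def outdated(lines):
    """Return (name, evr) for advisory packages older than the fixed build."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 2 or parts[0] not in ADVISORY_PACKAGES:
            continue
        name, evr = parts
        if evr_cmp(parse_evr(evr), FIXED_EVR) < 0:
            hits.append((name, evr))
    return hits


# Constructed sample of rpm query output (not taken from a real host).
SAMPLE = [
    "git (none):1.8.3.1-24.el7_9",
    "perl-Git (none):1.8.3.1-25.el7_9",
    "gitk (none):1.8.3.1-23.el7_8",
    "git-daemon (none):1.8.3.1-25.el7_9.1",
    "bash (none):4.2.46-35.el7_9",
]

if __name__ == "__main__":
    for name, evr in outdated(SAMPLE):
        print(f"{name} {evr} is older than the fixed build")
```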
Red Hat Enterprise Linux Server 7
SRPM
git-1.8.3.1-25.el7_9.src.rpm
x86_64
emacs-git-1.8.3.1-25.el7_9.noarch.rpm
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm
git-1.8.3.1-25.el7_9.x86_64.rpm
git-all-1.8.3.1-25.el7_9.noarch.rpm
git-bzr-1.8.3.1-25.el7_9.noarch.rpm
git-cvs-1.8.3.1-25.el7_9.noarch.rpm
git-daemon-1.8.3.1-25.el7_9.x86_64.rpm
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm
git-email-1.8.3.1-25.el7_9.noarch.rpm
git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm
git-gui-1.8.3.1-25.el7_9.noarch.rpm
git-hg-1.8.3.1-25.el7_9.noarch.rpm
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm
git-p4-1.8.3.1-25.el7_9.noarch.rpm
git-svn-1.8.3.1-25.el7_9.x86_64.rpm
gitk-1.8.3.1-25.el7_9.noarch.rpm
gitweb-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm
Red Hat Enterprise Linux Workstation 7
SRPM
git-1.8.3.1-25.el7_9.src.rpm
x86_64
emacs-git-1.8.3.1-25.el7_9.noarch.rpm
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm
git-1.8.3.1-25.el7_9.x86_64.rpm
git-all-1.8.3.1-25.el7_9.noarch.rpm
git-bzr-1.8.3.1-25.el7_9.noarch.rpm
git-cvs-1.8.3.1-25.el7_9.noarch.rpm
git-daemon-1.8.3.1-25.el7_9.x86_64.rpm
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm
git-email-1.8.3.1-25.el7_9.noarch.rpm
git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm
git-gui-1.8.3.1-25.el7_9.noarch.rpm
git-hg-1.8.3.1-25.el7_9.noarch.rpm
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm
git-p4-1.8.3.1-25.el7_9.noarch.rpm
git-svn-1.8.3.1-25.el7_9.x86_64.rpm
gitk-1.8.3.1-25.el7_9.noarch.rpm
gitweb-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm
Red Hat Enterprise Linux Desktop 7
SRPM
git-1.8.3.1-25.el7_9.src.rpm
x86_64
emacs-git-1.8.3.1-25.el7_9.noarch.rpm
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm
git-1.8.3.1-25.el7_9.x86_64.rpm
git-all-1.8.3.1-25.el7_9.noarch.rpm
git-bzr-1.8.3.1-25.el7_9.noarch.rpm
git-cvs-1.8.3.1-25.el7_9.noarch.rpm
git-daemon-1.8.3.1-25.el7_9.x86_64.rpm
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm
git-email-1.8.3.1-25.el7_9.noarch.rpm
git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm
git-gui-1.8.3.1-25.el7_9.noarch.rpm
git-hg-1.8.3.1-25.el7_9.noarch.rpm
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm
git-p4-1.8.3.1-25.el7_9.noarch.rpm
git-svn-1.8.3.1-25.el7_9.x86_64.rpm
gitk-1.8.3.1-25.el7_9.noarch.rpm
gitweb-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
git-1.8.3.1-25.el7_9.src.rpm
s390x
emacs-git-1.8.3.1-25.el7_9.noarch.rpm
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm
git-1.8.3.1-25.el7_9.s390x.rpm
git-all-1.8.3.1-25.el7_9.noarch.rpm
git-bzr-1.8.3.1-25.el7_9.noarch.rpm
git-cvs-1.8.3.1-25.el7_9.noarch.rpm
git-daemon-1.8.3.1-25.el7_9.s390x.rpm
git-debuginfo-1.8.3.1-25.el7_9.s390x.rpm
git-email-1.8.3.1-25.el7_9.noarch.rpm
git-gnome-keyring-1.8.3.1-25.el7_9.s390x.rpm
git-gui-1.8.3.1-25.el7_9.noarch.rpm
git-hg-1.8.3.1-25.el7_9.noarch.rpm
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm
git-p4-1.8.3.1-25.el7_9.noarch.rpm
git-svn-1.8.3.1-25.el7_9.s390x.rpm
gitk-1.8.3.1-25.el7_9.noarch.rpm
gitweb-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm
Red Hat Enterprise Linux for Power, big endian 7
SRPM
git-1.8.3.1-25.el7_9.src.rpm
ppc64
emacs-git-1.8.3.1-25.el7_9.noarch.rpm
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm
git-1.8.3.1-25.el7_9.ppc64.rpm
git-all-1.8.3.1-25.el7_9.noarch.rpm
git-bzr-1.8.3.1-25.el7_9.noarch.rpm
git-cvs-1.8.3.1-25.el7_9.noarch.rpm
git-daemon-1.8.3.1-25.el7_9.ppc64.rpm
git-debuginfo-1.8.3.1-25.el7_9.ppc64.rpm
git-email-1.8.3.1-25.el7_9.noarch.rpm
git-gnome-keyring-1.8.3.1-25.el7_9.ppc64.rpm
git-gui-1.8.3.1-25.el7_9.noarch.rpm
git-hg-1.8.3.1-25.el7_9.noarch.rpm
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm
git-p4-1.8.3.1-25.el7_9.noarch.rpm
git-svn-1.8.3.1-25.el7_9.ppc64.rpm
gitk-1.8.3.1-25.el7_9.noarch.rpm
gitweb-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
git-1.8.3.1-25.el7_9.src.rpm
x86_64
emacs-git-1.8.3.1-25.el7_9.noarch.rpm
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm
git-1.8.3.1-25.el7_9.x86_64.rpm
git-all-1.8.3.1-25.el7_9.noarch.rpm
git-bzr-1.8.3.1-25.el7_9.noarch.rpm
git-cvs-1.8.3.1-25.el7_9.noarch.rpm
git-daemon-1.8.3.1-25.el7_9.x86_64.rpm
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm
git-email-1.8.3.1-25.el7_9.noarch.rpm
git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm
git-gui-1.8.3.1-25.el7_9.noarch.rpm
git-hg-1.8.3.1-25.el7_9.noarch.rpm
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm
git-p4-1.8.3.1-25.el7_9.noarch.rpm
git-svn-1.8.3.1-25.el7_9.x86_64.rpm
gitk-1.8.3.1-25.el7_9.noarch.rpm
gitweb-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm
Red Hat Enterprise Linux for Power, little endian 7
SRPM
git-1.8.3.1-25.el7_9.src.rpm
ppc64le
emacs-git-1.8.3.1-25.el7_9.noarch.rpm
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm
git-1.8.3.1-25.el7_9.ppc64le.rpm
git-all-1.8.3.1-25.el7_9.noarch.rpm
git-bzr-1.8.3.1-25.el7_9.noarch.rpm
git-cvs-1.8.3.1-25.el7_9.noarch.rpm
git-daemon-1.8.3.1-25.el7_9.ppc64le.rpm
git-debuginfo-1.8.3.1-25.el7_9.ppc64le.rpm
git-email-1.8.3.1-25.el7_9.noarch.rpm
git-gnome-keyring-1.8.3.1-25.el7_9.ppc64le.rpm
git-gui-1.8.3.1-25.el7_9.noarch.rpm
git-hg-1.8.3.1-25.el7_9.noarch.rpm
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm
git-p4-1.8.3.1-25.el7_9.noarch.rpm
git-svn-1.8.3.1-25.el7_9.ppc64le.rpm
gitk-1.8.3.1-25.el7_9.noarch.rpm
gitweb-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-1.8.3.1-25.el7_9.noarch.rpm
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm
Related news
Debian Linux Security Advisory 5769-1 - Multiple issues were found in Git, a fast, scalable, distributed revision control system, which may result in file overwrites outside the repository, arbitrary configuration injection or arbitrary code execution.
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138
Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where reques...
Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.
Red Hat OpenShift Container Platform release 4.12.20 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside...
Red Hat Security Advisory 2023-3363-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.61. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
Red Hat OpenShift Container Platform release 4.11.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Red Hat OpenShift Container Platform release 4.12.19 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a ...
Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Advanced Cluster Management for Kubernetes 2.7.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbo...
Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
An update for rh-git227-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This security flaw ...
Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3243-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
An update for git is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
Ubuntu Security Notice 6050-2 - USN-6050-1 fixed several vulnerabilities in Git. This update provides the corresponding updates for CVE-2023-25652 and CVE-2023-29007 on Ubuntu 16.04 LTS. It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite paths.
Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allow the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to perform arbitrary configuration injection.
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.
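A pre-flight check for the two workarounds above: inspecting submodule sections before `git submodule deinit`, and looking for a link at `*.rej` before `git apply --reject`. This is an added example, not code from the advisories or from Git; the function names and sample inputs are constructed, and the 1024 figure from the CVE-2023-29007 description is applied here as a line-length heuristic.

```python
import os
import re

LIMIT = 1024  # length named in the CVE-2023-29007 description (used as a heuristic)

def overlong_submodule_lines(config_text, limit=LIMIT):
    """Line numbers of over-long lines inside [submodule ...] sections."""
    hits, section = [], None
    for no, line in enumerate(config_text.splitlines(), 1):
        header = re.match(r"\s*\[\s*([A-Za-z0-9.-]+)", line)
        # Only trust a section header that sits on a line of normal length.
        if header and len(line) <= limit:
            section = header.group(1).lower().split(".")[0]
        elif section == "submodule" and len(line) > limit:
            hits.append(no)
    return hits

def patch_targets(patch_text):
    """Paths from '--- '/'+++ ' header lines, a/ and b/ prefixes stripped.
    Unquoted paths only; a hunk line that looks like a header is also
    reported, which errs on the side of checking more paths."""
    paths = set()
    for line in patch_text.splitlines():
        m = re.match(r"(?:---|\+\+\+) (\S+)", line)
        if m and m.group(1) != "/dev/null":
            paths.add(re.sub(r"^[ab]/", "", m.group(1)))
    return sorted(paths)

def rej_links(patch_text, worktree):
    """Patch targets whose '<path>.rej' is already a symbolic link."""
    return [p for p in patch_targets(patch_text)
            if os.path.islink(os.path.join(worktree, p + ".rej"))]

# Constructed sample inputs (not taken from any real repository).
SAMPLE_CONFIG = (
    '[core]\n\tbare = false\n'
    '[submodule "lib"]\n\turl = https://example.invalid/' + "A" * 1100 + "\n"
    '[submodule "ok"]\n\turl = https://example.invalid/ok.git\n'
)
SAMPLE_PATCH = "--- a/src/main.c\n+++ b/src/main.c\n@@ -1 +1 @@\n-old\n+new\n"

if __name__ == "__main__":
    print("over-long submodule lines:", overlong_submodule_lines(SAMPLE_CONFIG))
    print("*.rej links in cwd:", rej_links(SAMPLE_PATCH, os.getcwd()))
```

Run `overlong_submodule_lines` over both `.gitmodules` and `$GIT_DIR/config`; any hit from either function is a reason to stop and inspect by hand rather than proceed.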
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It do...