RHSA-2023:3263: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.
  • CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.
Red Hat Security Data

Synopsis

Important: git security update

Type/Severity

Security Advisory: Important

Topic

An update for git is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

  • git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (CVE-2023-25652)
  • git: arbitrary configuration injection when renaming or deleting a section from a configuration file (CVE-2023-29007)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2188333 - CVE-2023-25652 git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents
  • BZ - 2188338 - CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file

Red Hat Enterprise Linux Server 7

SRPM

git-1.8.3.1-25.el7_9.src.rpm

SHA-256: 85c12b1cecb7ff3ffabdc92f8684236f8046e77d79431d6750cd9ea0f918bf2c

x86_64

emacs-git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: d0ee8972edd826d021c95708b66f48785fe8473cddf81db8cc2bf31cf1db01f2

emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 60607fe6d501dfab532661ccdf059b8deb5c866b8828741ae04b8f914ea62436

git-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: 5876ed18babc953d804fbdc90ff6a9803fa2f67884588fc7ad23fd3fb7734dfe

git-all-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 257fac4d707e91f774517ecf050c49ca2b7ef310ead32c79b3d260d9e0b8fc6c

git-bzr-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 3f85d82dfbbdbf660f5e21c05e0ae7a7a01383e67da905bcdc9211458fec6ed8

git-cvs-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 70160444a56472d34659367a0a8a16b982129a3798c77341945d986d7b022f03

git-daemon-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: 6de41b6572868e2f14e6911a6ab0bfc6dec65f090af9be49b0e467f64c2fa186

git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: ca3d8011de1996b5366641aa39aa397c2354d7367e79655f4dc430e6c2662294

git-email-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 30ace3f84d6d5283ad6364cc1a224319272411d9e8d4f69b8c302f0b03fe982c

git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: 09f721edc20aed8eab078c07cce2295195ea9f0dade53ef5302b40b4d9c1e209

git-gui-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: b209916cb442f3d807826cba057c46c80c401de800ce218e70087e67588407f4

git-hg-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: ba128c4ff6a17d590b179e8c79bca5d95c751b399ae3848427282b65960c6b57

git-instaweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 76532013974dc28cf516a49ef8909fe08a47615823ae4a4fdfd8903575c81faa

git-p4-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 019f4accb20a349207ef0362110d8568b79b42bf9cd0f244f3d7741734a42f70

git-svn-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: fee6fc15f35b9c27aa170f0acc2fc28e2d40afd433a30c47ebb38734ef12a191

gitk-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 24aedcacf8116778b9d8e2b0136ad327da7cea9abd1442bdbab0fe9a6d981cf0

gitweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: a77271c4a9aef4d57659cfbbbbd244851eaac4d24f17a63bdea9cdc1b8ed131a

perl-Git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 88f370361326580a5ff83bad423abb42552086e443362230feb8d5c4146acb49

perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 0d8ece68d4635ca6842e2a4b01fb1b53351ce42c99a0ffe12ea408841474888b

Red Hat Enterprise Linux Workstation 7

SRPM

git-1.8.3.1-25.el7_9.src.rpm

SHA-256: 85c12b1cecb7ff3ffabdc92f8684236f8046e77d79431d6750cd9ea0f918bf2c

x86_64

emacs-git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: d0ee8972edd826d021c95708b66f48785fe8473cddf81db8cc2bf31cf1db01f2

emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 60607fe6d501dfab532661ccdf059b8deb5c866b8828741ae04b8f914ea62436

git-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: 5876ed18babc953d804fbdc90ff6a9803fa2f67884588fc7ad23fd3fb7734dfe

git-all-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 257fac4d707e91f774517ecf050c49ca2b7ef310ead32c79b3d260d9e0b8fc6c

git-bzr-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 3f85d82dfbbdbf660f5e21c05e0ae7a7a01383e67da905bcdc9211458fec6ed8

git-cvs-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 70160444a56472d34659367a0a8a16b982129a3798c77341945d986d7b022f03

git-daemon-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: 6de41b6572868e2f14e6911a6ab0bfc6dec65f090af9be49b0e467f64c2fa186

git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: ca3d8011de1996b5366641aa39aa397c2354d7367e79655f4dc430e6c2662294

git-email-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 30ace3f84d6d5283ad6364cc1a224319272411d9e8d4f69b8c302f0b03fe982c

git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: 09f721edc20aed8eab078c07cce2295195ea9f0dade53ef5302b40b4d9c1e209

git-gui-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: b209916cb442f3d807826cba057c46c80c401de800ce218e70087e67588407f4

git-hg-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: ba128c4ff6a17d590b179e8c79bca5d95c751b399ae3848427282b65960c6b57

git-instaweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 76532013974dc28cf516a49ef8909fe08a47615823ae4a4fdfd8903575c81faa

git-p4-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 019f4accb20a349207ef0362110d8568b79b42bf9cd0f244f3d7741734a42f70

git-svn-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: fee6fc15f35b9c27aa170f0acc2fc28e2d40afd433a30c47ebb38734ef12a191

gitk-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 24aedcacf8116778b9d8e2b0136ad327da7cea9abd1442bdbab0fe9a6d981cf0

gitweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: a77271c4a9aef4d57659cfbbbbd244851eaac4d24f17a63bdea9cdc1b8ed131a

perl-Git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 88f370361326580a5ff83bad423abb42552086e443362230feb8d5c4146acb49

perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 0d8ece68d4635ca6842e2a4b01fb1b53351ce42c99a0ffe12ea408841474888b

Red Hat Enterprise Linux Desktop 7

SRPM

git-1.8.3.1-25.el7_9.src.rpm

SHA-256: 85c12b1cecb7ff3ffabdc92f8684236f8046e77d79431d6750cd9ea0f918bf2c

x86_64

emacs-git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: d0ee8972edd826d021c95708b66f48785fe8473cddf81db8cc2bf31cf1db01f2

emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 60607fe6d501dfab532661ccdf059b8deb5c866b8828741ae04b8f914ea62436

git-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: 5876ed18babc953d804fbdc90ff6a9803fa2f67884588fc7ad23fd3fb7734dfe

git-all-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 257fac4d707e91f774517ecf050c49ca2b7ef310ead32c79b3d260d9e0b8fc6c

git-bzr-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 3f85d82dfbbdbf660f5e21c05e0ae7a7a01383e67da905bcdc9211458fec6ed8

git-cvs-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 70160444a56472d34659367a0a8a16b982129a3798c77341945d986d7b022f03

git-daemon-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: 6de41b6572868e2f14e6911a6ab0bfc6dec65f090af9be49b0e467f64c2fa186

git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: ca3d8011de1996b5366641aa39aa397c2354d7367e79655f4dc430e6c2662294

git-email-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 30ace3f84d6d5283ad6364cc1a224319272411d9e8d4f69b8c302f0b03fe982c

git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: 09f721edc20aed8eab078c07cce2295195ea9f0dade53ef5302b40b4d9c1e209

git-gui-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: b209916cb442f3d807826cba057c46c80c401de800ce218e70087e67588407f4

git-hg-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: ba128c4ff6a17d590b179e8c79bca5d95c751b399ae3848427282b65960c6b57

git-instaweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 76532013974dc28cf516a49ef8909fe08a47615823ae4a4fdfd8903575c81faa

git-p4-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 019f4accb20a349207ef0362110d8568b79b42bf9cd0f244f3d7741734a42f70

git-svn-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: fee6fc15f35b9c27aa170f0acc2fc28e2d40afd433a30c47ebb38734ef12a191

gitk-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 24aedcacf8116778b9d8e2b0136ad327da7cea9abd1442bdbab0fe9a6d981cf0

gitweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: a77271c4a9aef4d57659cfbbbbd244851eaac4d24f17a63bdea9cdc1b8ed131a

perl-Git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 88f370361326580a5ff83bad423abb42552086e443362230feb8d5c4146acb49

perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 0d8ece68d4635ca6842e2a4b01fb1b53351ce42c99a0ffe12ea408841474888b

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

git-1.8.3.1-25.el7_9.src.rpm

SHA-256: 85c12b1cecb7ff3ffabdc92f8684236f8046e77d79431d6750cd9ea0f918bf2c

s390x

emacs-git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: d0ee8972edd826d021c95708b66f48785fe8473cddf81db8cc2bf31cf1db01f2

emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 60607fe6d501dfab532661ccdf059b8deb5c866b8828741ae04b8f914ea62436

git-1.8.3.1-25.el7_9.s390x.rpm

SHA-256: 9470dae5836906b830cbdef402072c42e40f8e20ae934d1a087415bd47373e61

git-all-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 257fac4d707e91f774517ecf050c49ca2b7ef310ead32c79b3d260d9e0b8fc6c

git-bzr-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 3f85d82dfbbdbf660f5e21c05e0ae7a7a01383e67da905bcdc9211458fec6ed8

git-cvs-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 70160444a56472d34659367a0a8a16b982129a3798c77341945d986d7b022f03

git-daemon-1.8.3.1-25.el7_9.s390x.rpm

SHA-256: 99b27d55b02644ccc8297aea1fb707edc80c43a56d45d502d4efe4b95380c057

git-debuginfo-1.8.3.1-25.el7_9.s390x.rpm

SHA-256: 72b30fbf898cae13d4675668e74615a746d70be4f531215cd956652edcea0f47

git-email-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 30ace3f84d6d5283ad6364cc1a224319272411d9e8d4f69b8c302f0b03fe982c

git-gnome-keyring-1.8.3.1-25.el7_9.s390x.rpm

SHA-256: 7190d8c8f2d34319102e79eab946f4bd51dd5ca45b98664da72ca2e5066d0762

git-gui-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: b209916cb442f3d807826cba057c46c80c401de800ce218e70087e67588407f4

git-hg-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: ba128c4ff6a17d590b179e8c79bca5d95c751b399ae3848427282b65960c6b57

git-instaweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 76532013974dc28cf516a49ef8909fe08a47615823ae4a4fdfd8903575c81faa

git-p4-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 019f4accb20a349207ef0362110d8568b79b42bf9cd0f244f3d7741734a42f70

git-svn-1.8.3.1-25.el7_9.s390x.rpm

SHA-256: fbea9044acd7899daed89cacd148f31c7146b820c946732415aa1e73a4168794

gitk-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 24aedcacf8116778b9d8e2b0136ad327da7cea9abd1442bdbab0fe9a6d981cf0

gitweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: a77271c4a9aef4d57659cfbbbbd244851eaac4d24f17a63bdea9cdc1b8ed131a

perl-Git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 88f370361326580a5ff83bad423abb42552086e443362230feb8d5c4146acb49

perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 0d8ece68d4635ca6842e2a4b01fb1b53351ce42c99a0ffe12ea408841474888b

Red Hat Enterprise Linux for Power, big endian 7

SRPM

git-1.8.3.1-25.el7_9.src.rpm

SHA-256: 85c12b1cecb7ff3ffabdc92f8684236f8046e77d79431d6750cd9ea0f918bf2c

ppc64

emacs-git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: d0ee8972edd826d021c95708b66f48785fe8473cddf81db8cc2bf31cf1db01f2

emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 60607fe6d501dfab532661ccdf059b8deb5c866b8828741ae04b8f914ea62436

git-1.8.3.1-25.el7_9.ppc64.rpm

SHA-256: 1a832c7168971bb978fa5a7dc4d51b9eaaa2f53f093089815ae4833c1d9837ae

git-all-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 257fac4d707e91f774517ecf050c49ca2b7ef310ead32c79b3d260d9e0b8fc6c

git-bzr-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 3f85d82dfbbdbf660f5e21c05e0ae7a7a01383e67da905bcdc9211458fec6ed8

git-cvs-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 70160444a56472d34659367a0a8a16b982129a3798c77341945d986d7b022f03

git-daemon-1.8.3.1-25.el7_9.ppc64.rpm

SHA-256: d46b3ff4b7b40aa515df7160e0f4f5b8563e9b76df485ae9a86b9b4bc0c1f952

git-debuginfo-1.8.3.1-25.el7_9.ppc64.rpm

SHA-256: 310e8212f113b6fc82a3d19a3f4350762f05537a9aabccf9bc8f81ec0cbf91b8

git-email-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 30ace3f84d6d5283ad6364cc1a224319272411d9e8d4f69b8c302f0b03fe982c

git-gnome-keyring-1.8.3.1-25.el7_9.ppc64.rpm

SHA-256: c544d89afc0c2ecbf3cf5a7b64e03d84c9050858f0256db5535d3bbe82d27b20

git-gui-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: b209916cb442f3d807826cba057c46c80c401de800ce218e70087e67588407f4

git-hg-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: ba128c4ff6a17d590b179e8c79bca5d95c751b399ae3848427282b65960c6b57

git-instaweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 76532013974dc28cf516a49ef8909fe08a47615823ae4a4fdfd8903575c81faa

git-p4-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 019f4accb20a349207ef0362110d8568b79b42bf9cd0f244f3d7741734a42f70

git-svn-1.8.3.1-25.el7_9.ppc64.rpm

SHA-256: a06d581d053f94fbdff992ad06ef8c062600189b5147b08e5c6a26c418ad2185

gitk-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 24aedcacf8116778b9d8e2b0136ad327da7cea9abd1442bdbab0fe9a6d981cf0

gitweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: a77271c4a9aef4d57659cfbbbbd244851eaac4d24f17a63bdea9cdc1b8ed131a

perl-Git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 88f370361326580a5ff83bad423abb42552086e443362230feb8d5c4146acb49

perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 0d8ece68d4635ca6842e2a4b01fb1b53351ce42c99a0ffe12ea408841474888b

Red Hat Enterprise Linux for Scientific Computing 7

SRPM

git-1.8.3.1-25.el7_9.src.rpm

SHA-256: 85c12b1cecb7ff3ffabdc92f8684236f8046e77d79431d6750cd9ea0f918bf2c

x86_64

emacs-git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: d0ee8972edd826d021c95708b66f48785fe8473cddf81db8cc2bf31cf1db01f2

emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 60607fe6d501dfab532661ccdf059b8deb5c866b8828741ae04b8f914ea62436

git-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: 5876ed18babc953d804fbdc90ff6a9803fa2f67884588fc7ad23fd3fb7734dfe

git-all-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 257fac4d707e91f774517ecf050c49ca2b7ef310ead32c79b3d260d9e0b8fc6c

git-bzr-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 3f85d82dfbbdbf660f5e21c05e0ae7a7a01383e67da905bcdc9211458fec6ed8

git-cvs-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 70160444a56472d34659367a0a8a16b982129a3798c77341945d986d7b022f03

git-daemon-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: 6de41b6572868e2f14e6911a6ab0bfc6dec65f090af9be49b0e467f64c2fa186

git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: ca3d8011de1996b5366641aa39aa397c2354d7367e79655f4dc430e6c2662294

git-email-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 30ace3f84d6d5283ad6364cc1a224319272411d9e8d4f69b8c302f0b03fe982c

git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: 09f721edc20aed8eab078c07cce2295195ea9f0dade53ef5302b40b4d9c1e209

git-gui-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: b209916cb442f3d807826cba057c46c80c401de800ce218e70087e67588407f4

git-hg-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: ba128c4ff6a17d590b179e8c79bca5d95c751b399ae3848427282b65960c6b57

git-instaweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 76532013974dc28cf516a49ef8909fe08a47615823ae4a4fdfd8903575c81faa

git-p4-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 019f4accb20a349207ef0362110d8568b79b42bf9cd0f244f3d7741734a42f70

git-svn-1.8.3.1-25.el7_9.x86_64.rpm

SHA-256: fee6fc15f35b9c27aa170f0acc2fc28e2d40afd433a30c47ebb38734ef12a191

gitk-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 24aedcacf8116778b9d8e2b0136ad327da7cea9abd1442bdbab0fe9a6d981cf0

gitweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: a77271c4a9aef4d57659cfbbbbd244851eaac4d24f17a63bdea9cdc1b8ed131a

perl-Git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 88f370361326580a5ff83bad423abb42552086e443362230feb8d5c4146acb49

perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 0d8ece68d4635ca6842e2a4b01fb1b53351ce42c99a0ffe12ea408841474888b

Red Hat Enterprise Linux for Power, little endian 7

SRPM

git-1.8.3.1-25.el7_9.src.rpm

SHA-256: 85c12b1cecb7ff3ffabdc92f8684236f8046e77d79431d6750cd9ea0f918bf2c

ppc64le

emacs-git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: d0ee8972edd826d021c95708b66f48785fe8473cddf81db8cc2bf31cf1db01f2

emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 60607fe6d501dfab532661ccdf059b8deb5c866b8828741ae04b8f914ea62436

git-1.8.3.1-25.el7_9.ppc64le.rpm

SHA-256: 63b5b495e79843db3b4dc276c10f6ac763c8e76cdf4e591ffe3ab136e25a3190

git-all-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 257fac4d707e91f774517ecf050c49ca2b7ef310ead32c79b3d260d9e0b8fc6c

git-bzr-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 3f85d82dfbbdbf660f5e21c05e0ae7a7a01383e67da905bcdc9211458fec6ed8

git-cvs-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 70160444a56472d34659367a0a8a16b982129a3798c77341945d986d7b022f03

git-daemon-1.8.3.1-25.el7_9.ppc64le.rpm

SHA-256: bfc64f6eb18559534bf377c1fd53ea8e827bb62ffcb2749e63986ad3750a8909

git-debuginfo-1.8.3.1-25.el7_9.ppc64le.rpm

SHA-256: 624d3b705be98b1b1ab51513604dfaf33edec731595e14a14780f734e1d7f9a3

git-email-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 30ace3f84d6d5283ad6364cc1a224319272411d9e8d4f69b8c302f0b03fe982c

git-gnome-keyring-1.8.3.1-25.el7_9.ppc64le.rpm

SHA-256: 3e69637522bf375c05f64a5263636070bbabc02862f038bd0e40847176d6327e

git-gui-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: b209916cb442f3d807826cba057c46c80c401de800ce218e70087e67588407f4

git-hg-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: ba128c4ff6a17d590b179e8c79bca5d95c751b399ae3848427282b65960c6b57

git-instaweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 76532013974dc28cf516a49ef8909fe08a47615823ae4a4fdfd8903575c81faa

git-p4-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 019f4accb20a349207ef0362110d8568b79b42bf9cd0f244f3d7741734a42f70

git-svn-1.8.3.1-25.el7_9.ppc64le.rpm

SHA-256: 2b09a9a95f11d8ad8bf0705d78c2c2ecbd0139f02724391f02a0ab526d762d95

gitk-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 24aedcacf8116778b9d8e2b0136ad327da7cea9abd1442bdbab0fe9a6d981cf0

gitweb-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: a77271c4a9aef4d57659cfbbbbd244851eaac4d24f17a63bdea9cdc1b8ed131a

perl-Git-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 88f370361326580a5ff83bad423abb42552086e443362230feb8d5c4146acb49

perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

SHA-256: 0d8ece68d4635ca6842e2a4b01fb1b53351ce42c99a0ffe12ea408841474888b

Related news

Debian Security Advisory 5769-1

Debian Linux Security Advisory 5769-1 - Multiple issues were found in Git, a fast, scalable, distributed revision control system, which may result in file overwrites outside the repository, arbitrary configuration injection or arbitrary code execution.

CVE-2023-30994: Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

RHSA-2023:3664: Red Hat Security Advisory: OpenShift Jenkins image and Jenkins agent base image security update

Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where reques...

Red Hat Security Advisory 2023-3495-01

Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.

RHSA-2023:3410: Red Hat Security Advisory: OpenShift Container Platform 4.12.20 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.20 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside...

Red Hat Security Advisory 2023-3363-01

Red Hat Security Advisory 2023-3363-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.61. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3309-01

Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3287-01

Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3356-01

Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:3382: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...

RHSA-2023:3309: Red Hat Security Advisory: OpenShift Container Platform 4.11.42 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...

RHSA-2023:3287: Red Hat Security Advisory: OpenShift Container Platform 4.12.19 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.19 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...

RHSA-2023:3304: Red Hat Security Advisory: OpenShift Container Platform 4.13.1 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a ...

Red Hat Security Advisory 2023-3297-01

Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:3297: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.4 security fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.7.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbo...

Red Hat Security Advisory 2023-3280-01

Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3263-01

Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

RHSA-2023:3280: Red Hat Security Advisory: rh-git227-git security update

An update for rh-git227-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This security flaw ...

Red Hat Security Advisory 2023-3245-01

Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3247-01

Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3243-01

Red Hat Security Advisory 2023-3243-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

RHSA-2023:3247: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...

RHSA-2023:3248: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...

RHSA-2023:3243: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...

Ubuntu Security Notice USN-6050-2

Ubuntu Security Notice 6050-2 - USN-6050-1 fixed several vulnerabilities in Git. This update provides the corresponding updates for CVE-2023-25652 and CVE-2023-29007 on Ubuntu 16.04 LTS. It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite paths.

Ubuntu Security Notice USN-6050-1

Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allow the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to perform arbitrary configuration injection.

CVE-2023-29007: Arbitrary configuration injection via `git submodule deinit`

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.

CVE-2023-25652: Git 2.30.9 · git/git@668f2d5

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.

CVE-2023-25815: Release Git for Windows 2.40.1 · git-for-windows/git

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It do...
