Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:2319: Red Hat Security Advisory: git security and bug fix update

An update for git is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24765: A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.
  • CVE-2022-29187: A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.
  • CVE-2022-39253: Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source’s $GIT_DIR/objects directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via --no-hardlinks). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim’s machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the --recurse-submodules option. Git does not create symbolic links in the $GIT_DIR/objects directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the --local optimization when on a shared machine, either by passing the --no-local option to git clone or cloning from a URL that uses the file:// scheme. Alternatively, avoid cloning repositories from untrusted sources with --recurse-submodules or run git config --global protocol.file.allow user.
  • CVE-2022-39260: Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git’s push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an int to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to execv(), it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to git shell as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling git shell access via remote logins is a viable short-term workaround.
Red Hat Security Data
#vulnerability#web#mac#linux#red_hat#git#rce#perl#ssh#ibm

概述

Moderate: git security and bug fix update

类型/严重性

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

标题

An update for git is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

  • git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765)
  • git: Bypass of safe.directory protections (CVE-2022-29187)
  • git: exposure of sensitive information to a malicious actor (CVE-2022-39253)
  • git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

受影响的产品

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

修复

  • BZ - 2073414 - CVE-2022-24765 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
  • BZ - 2107439 - CVE-2022-29187 git: Bypass of safe.directory protections
  • BZ - 2137422 - CVE-2022-39253 git: exposure of sensitive information to a malicious actor
  • BZ - 2137423 - CVE-2022-39260 git: git shell function that splits command arguments can lead to arbitrary heap writes.
  • BZ - 2139379 - Rebase git to 2.39 version [rhel-9.2]

CVE

  • CVE-2022-24765
  • CVE-2022-29187
  • CVE-2022-39253
  • CVE-2022-39260

参考

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

git-2.39.1-1.el9.src.rpm

SHA-256: 63cb770c7eb47748f9770d1a2c91062d46530dfebe714fd3f968b0ee883f0d7e

x86_64

git-2.39.1-1.el9.x86_64.rpm

SHA-256: 8d8b7be4eaf874004c9ca01c2b05d15ee9d1aa0445da8e48e33d980ef3023a93

git-all-2.39.1-1.el9.noarch.rpm

SHA-256: 4215f0dd0ebb0accef88500e2f3ebf127b515df68f0781aa05da5d41280ceeb7

git-core-2.39.1-1.el9.x86_64.rpm

SHA-256: b24c880aa28e52ab406bfb203d5e19d5681b70ebe3c7e3cc5bcf4371827e0647

git-core-debuginfo-2.39.1-1.el9.x86_64.rpm

SHA-256: 04cb4c39d5a8c839705f881703caf29194f7b90aab476b666764cb1bdeaa9eb8

git-core-doc-2.39.1-1.el9.noarch.rpm

SHA-256: 358ee718498d3218c00a2365068a933cc4351485461398095b5430e1d17a44f5

git-credential-libsecret-2.39.1-1.el9.x86_64.rpm

SHA-256: 3e068a6eda2fa439dafef7affc4f18de1b4cd5a2fad7090eb5538b1f1f4a01f7

git-credential-libsecret-debuginfo-2.39.1-1.el9.x86_64.rpm

SHA-256: 613536e554e337c4b0ca23fcf0e7c226fe1db2174f3c13247abd9bbc722f8c41

git-daemon-2.39.1-1.el9.x86_64.rpm

SHA-256: 31c6b7a6a59b217f85b98be89a09d883f00fa76e07f3fe2dff32cf70de07bd6e

git-daemon-debuginfo-2.39.1-1.el9.x86_64.rpm

SHA-256: 447751ca5429f4cb17d7b84a981b19ca1b3dbbc0cf96e59e8ede6640ed4e7c79

git-debuginfo-2.39.1-1.el9.x86_64.rpm

SHA-256: a7247b8a93bf1633e71b270ef2315ea660c31df13669d43928f56ef92680a4be

git-debugsource-2.39.1-1.el9.x86_64.rpm

SHA-256: cf52708ba109a6ff97fa78d0f06847da277e544c8aaf7aef39e8eca682da7097

git-email-2.39.1-1.el9.noarch.rpm

SHA-256: cd849cc5dec46e1c9132729cbab7d646f0324f3d578354fc985c553652cd105f

git-gui-2.39.1-1.el9.noarch.rpm

SHA-256: 6cca7b3673a6a94f79b0e80a0b4e923b6d653827f95774edbcf90bf9464cc41d

git-instaweb-2.39.1-1.el9.noarch.rpm

SHA-256: 58e919777feb88a8393e2a9b0de54524bcca4ac4ddd7449ff1743e563533036b

git-subtree-2.39.1-1.el9.x86_64.rpm

SHA-256: 22b5252e0d55667216e9eb39e1401a195cdeb8e2f51d8914a83b1842a8d0a2f0

git-svn-2.39.1-1.el9.noarch.rpm

SHA-256: 02b759cf602a499f921e6e97bbb940ff36430829d2cbc41a7a4746a0bf5bcb4e

gitk-2.39.1-1.el9.noarch.rpm

SHA-256: b5ee54065472427e16d89e8d969eb5d74e738c828a8a32e82489ac1d767b4968

gitweb-2.39.1-1.el9.noarch.rpm

SHA-256: efc9fde412add478e9caef5551111a0f6cf8402e202473168420d40969fd32c2

perl-Git-2.39.1-1.el9.noarch.rpm

SHA-256: c0c280d367adeab9892e3f9ce823a0385b23b73c26ac336c3ec4fad2b24058b5

perl-Git-SVN-2.39.1-1.el9.noarch.rpm

SHA-256: 073adeda9036c710d5485c4dec8752262947728fbd330cd6845fcba27086dd03

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

git-2.39.1-1.el9.src.rpm

SHA-256: 63cb770c7eb47748f9770d1a2c91062d46530dfebe714fd3f968b0ee883f0d7e

s390x

git-2.39.1-1.el9.s390x.rpm

SHA-256: 74c09b19a42a200ac0888bae710ffc8b27da8f664fbd949afc25d24172e5794a

git-all-2.39.1-1.el9.noarch.rpm

SHA-256: 4215f0dd0ebb0accef88500e2f3ebf127b515df68f0781aa05da5d41280ceeb7

git-core-2.39.1-1.el9.s390x.rpm

SHA-256: 571c62450493b332d2c30adf0174e568a5a987fcecf98bb6a5844699407bc88e

git-core-debuginfo-2.39.1-1.el9.s390x.rpm

SHA-256: 6d7e0794dff7775f693cae8cc6601b36bc96cbb944db22e7a6344f68e2818c53

git-core-doc-2.39.1-1.el9.noarch.rpm

SHA-256: 358ee718498d3218c00a2365068a933cc4351485461398095b5430e1d17a44f5

git-credential-libsecret-2.39.1-1.el9.s390x.rpm

SHA-256: c11d2bf2d41cb649035c9cb52dc77fee99b1fcaf64c285fd925d6d04d0870664

git-credential-libsecret-debuginfo-2.39.1-1.el9.s390x.rpm

SHA-256: fb95ad6d8e8af4091d3953cec1dff095b52c26facc6d24947b1bb21a155bcd41

git-daemon-2.39.1-1.el9.s390x.rpm

SHA-256: 3072da5493f04949437eeeb273c7a3cf27175cef94194cd6077d8f1620596af1

git-daemon-debuginfo-2.39.1-1.el9.s390x.rpm

SHA-256: e107e35458daa7c662cae3e28eb074880b54bf5debcd5f960c31d3377b28e1a0

git-debuginfo-2.39.1-1.el9.s390x.rpm

SHA-256: 82a460cf73c91743698b6e6677e22bf58ddc92202325e660a0c1ebce1c9f9476

git-debugsource-2.39.1-1.el9.s390x.rpm

SHA-256: c9f73716edc1326d51aaee712a51d7e8342963534227176b269a6da8b449ddca

git-email-2.39.1-1.el9.noarch.rpm

SHA-256: cd849cc5dec46e1c9132729cbab7d646f0324f3d578354fc985c553652cd105f

git-gui-2.39.1-1.el9.noarch.rpm

SHA-256: 6cca7b3673a6a94f79b0e80a0b4e923b6d653827f95774edbcf90bf9464cc41d

git-instaweb-2.39.1-1.el9.noarch.rpm

SHA-256: 58e919777feb88a8393e2a9b0de54524bcca4ac4ddd7449ff1743e563533036b

git-subtree-2.39.1-1.el9.s390x.rpm

SHA-256: 36a2f0e8cf388c4a39588a67fff125f853bf5080ed72891600d2b96df4750231

git-svn-2.39.1-1.el9.noarch.rpm

SHA-256: 02b759cf602a499f921e6e97bbb940ff36430829d2cbc41a7a4746a0bf5bcb4e

gitk-2.39.1-1.el9.noarch.rpm

SHA-256: b5ee54065472427e16d89e8d969eb5d74e738c828a8a32e82489ac1d767b4968

gitweb-2.39.1-1.el9.noarch.rpm

SHA-256: efc9fde412add478e9caef5551111a0f6cf8402e202473168420d40969fd32c2

perl-Git-2.39.1-1.el9.noarch.rpm

SHA-256: c0c280d367adeab9892e3f9ce823a0385b23b73c26ac336c3ec4fad2b24058b5

perl-Git-SVN-2.39.1-1.el9.noarch.rpm

SHA-256: 073adeda9036c710d5485c4dec8752262947728fbd330cd6845fcba27086dd03

Red Hat Enterprise Linux for Power, little endian 9

SRPM

git-2.39.1-1.el9.src.rpm

SHA-256: 63cb770c7eb47748f9770d1a2c91062d46530dfebe714fd3f968b0ee883f0d7e

ppc64le

git-2.39.1-1.el9.ppc64le.rpm

SHA-256: 5df17a38c3268f49190db7040cd0785beab1f2e46f6c7448bb668910c59f9af7

git-all-2.39.1-1.el9.noarch.rpm

SHA-256: 4215f0dd0ebb0accef88500e2f3ebf127b515df68f0781aa05da5d41280ceeb7

git-core-2.39.1-1.el9.ppc64le.rpm

SHA-256: db3be6cbe6dea5f2732e4bfc39460f1772a84dc147227ff10229ce407babdad0

git-core-debuginfo-2.39.1-1.el9.ppc64le.rpm

SHA-256: 6d93824f443c040987b5f9876fe6accf4318d2f961d919171597cea39c312b8d

git-core-doc-2.39.1-1.el9.noarch.rpm

SHA-256: 358ee718498d3218c00a2365068a933cc4351485461398095b5430e1d17a44f5

git-credential-libsecret-2.39.1-1.el9.ppc64le.rpm

SHA-256: f2f3bd542919730f2ee88fae987d7890696a78577eea784dac9e7771706a751f

git-credential-libsecret-debuginfo-2.39.1-1.el9.ppc64le.rpm

SHA-256: 60464d75f913224c02ed10aba37e15d6be0480b250c5bb1f556c0dfd1597e8ab

git-daemon-2.39.1-1.el9.ppc64le.rpm

SHA-256: 5ba914670d592abc432f2a6e23452d1c994e638d3593fde0928dffec926ac9a2

git-daemon-debuginfo-2.39.1-1.el9.ppc64le.rpm

SHA-256: 750b87b8a8577f544fd9fa79dcd47866f321c0cb54727027e651a8398e0c5066

git-debuginfo-2.39.1-1.el9.ppc64le.rpm

SHA-256: ed5a5b5ddd99ec0d639ab316c41293234249216c41714bd963804884ec6032b2

git-debugsource-2.39.1-1.el9.ppc64le.rpm

SHA-256: 8b465f8bcfcdba6ce203c3a6a7b629be7431a1d623b15eb5f979b29402787698

git-email-2.39.1-1.el9.noarch.rpm

SHA-256: cd849cc5dec46e1c9132729cbab7d646f0324f3d578354fc985c553652cd105f

git-gui-2.39.1-1.el9.noarch.rpm

SHA-256: 6cca7b3673a6a94f79b0e80a0b4e923b6d653827f95774edbcf90bf9464cc41d

git-instaweb-2.39.1-1.el9.noarch.rpm

SHA-256: 58e919777feb88a8393e2a9b0de54524bcca4ac4ddd7449ff1743e563533036b

git-subtree-2.39.1-1.el9.ppc64le.rpm

SHA-256: 27e51ab90ffb5f09aef55730b7d848e949c4619fc237f9f3da3a66a66cd22c36

git-svn-2.39.1-1.el9.noarch.rpm

SHA-256: 02b759cf602a499f921e6e97bbb940ff36430829d2cbc41a7a4746a0bf5bcb4e

gitk-2.39.1-1.el9.noarch.rpm

SHA-256: b5ee54065472427e16d89e8d969eb5d74e738c828a8a32e82489ac1d767b4968

gitweb-2.39.1-1.el9.noarch.rpm

SHA-256: efc9fde412add478e9caef5551111a0f6cf8402e202473168420d40969fd32c2

perl-Git-2.39.1-1.el9.noarch.rpm

SHA-256: c0c280d367adeab9892e3f9ce823a0385b23b73c26ac336c3ec4fad2b24058b5

perl-Git-SVN-2.39.1-1.el9.noarch.rpm

SHA-256: 073adeda9036c710d5485c4dec8752262947728fbd330cd6845fcba27086dd03

Red Hat Enterprise Linux for ARM 64 9

SRPM

git-2.39.1-1.el9.src.rpm

SHA-256: 63cb770c7eb47748f9770d1a2c91062d46530dfebe714fd3f968b0ee883f0d7e

aarch64

git-2.39.1-1.el9.aarch64.rpm

SHA-256: 3f77fff37c5f2e32d544f30fdfb45584d2107ffa5e5ff8a9181d75d0930cd341

git-all-2.39.1-1.el9.noarch.rpm

SHA-256: 4215f0dd0ebb0accef88500e2f3ebf127b515df68f0781aa05da5d41280ceeb7

git-core-2.39.1-1.el9.aarch64.rpm

SHA-256: 957575d111e31bf8d5126fa10da6dfcdd753147ce920abb6e16b21669430f703

git-core-debuginfo-2.39.1-1.el9.aarch64.rpm

SHA-256: f08dd6ec6a6c3074285600f046ee80824e4ec246d9fae1aa1cf78418eacd5cc9

git-core-doc-2.39.1-1.el9.noarch.rpm

SHA-256: 358ee718498d3218c00a2365068a933cc4351485461398095b5430e1d17a44f5

git-credential-libsecret-2.39.1-1.el9.aarch64.rpm

SHA-256: 6a39598dbafc481f8719ae6d8dd7901e811f75c779a139948ee51396735565c3

git-credential-libsecret-debuginfo-2.39.1-1.el9.aarch64.rpm

SHA-256: fed232809cff4064e9996973a30c427f91acc773d9cb2e4108f281febbcfad4d

git-daemon-2.39.1-1.el9.aarch64.rpm

SHA-256: ab4df346a7cc7f97eb8d5dd2f8e1d2ff6410037cf93c7177f82725405051b24f

git-daemon-debuginfo-2.39.1-1.el9.aarch64.rpm

SHA-256: e695e872c638c1c2f363ba5f56e7c2a8194830abd9c8b193477664a3dc57dc6a

git-debuginfo-2.39.1-1.el9.aarch64.rpm

SHA-256: c0408e4737877e1744c0cc0e582d8d57c81a1f21f1d5ace34ff113aa42c0e77b

git-debugsource-2.39.1-1.el9.aarch64.rpm

SHA-256: 7487250b6d2c16cca6bddf1c7ad12d768444249a33926c666faf2ff741177fad

git-email-2.39.1-1.el9.noarch.rpm

SHA-256: cd849cc5dec46e1c9132729cbab7d646f0324f3d578354fc985c553652cd105f

git-gui-2.39.1-1.el9.noarch.rpm

SHA-256: 6cca7b3673a6a94f79b0e80a0b4e923b6d653827f95774edbcf90bf9464cc41d

git-instaweb-2.39.1-1.el9.noarch.rpm

SHA-256: 58e919777feb88a8393e2a9b0de54524bcca4ac4ddd7449ff1743e563533036b

git-subtree-2.39.1-1.el9.aarch64.rpm

SHA-256: 25ac04d018c9320af3f1133b10bbe6b0223ce6aaa65450e8d601ff2a94004070

git-svn-2.39.1-1.el9.noarch.rpm

SHA-256: 02b759cf602a499f921e6e97bbb940ff36430829d2cbc41a7a4746a0bf5bcb4e

gitk-2.39.1-1.el9.noarch.rpm

SHA-256: b5ee54065472427e16d89e8d969eb5d74e738c828a8a32e82489ac1d767b4968

gitweb-2.39.1-1.el9.noarch.rpm

SHA-256: efc9fde412add478e9caef5551111a0f6cf8402e202473168420d40969fd32c2

perl-Git-2.39.1-1.el9.noarch.rpm

SHA-256: c0c280d367adeab9892e3f9ce823a0385b23b73c26ac336c3ec4fad2b24058b5

perl-Git-SVN-2.39.1-1.el9.noarch.rpm

SHA-256: 073adeda9036c710d5485c4dec8752262947728fbd330cd6845fcba27086dd03

Related news

Gentoo Linux Security Advisory 202401-17

Gentoo Linux Security Advisory 202401-17 - A vulnerability has been found in libgit2 which could result in privilege escalation. Versions greater than or equal to 1.4.4 are affected.

Gentoo Linux Security Advisory 202312-15

Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.

CVE-2023-43074: DSA-2023-141: Dell Unity, Unity VSA and Unity XT Security Update for Multiple Vulnerability

Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.

CVE-2023-28864: Chef Infra Server Release Notes

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

RHSA-2023:2859: Red Hat Security Advisory: git security and bug fix update

An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24765: A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository. * CVE-2022-29187: A vu...

CVE-2023-1802: Docker Desktop release notes

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.

Ubuntu Security Notice USN-5686-4

Ubuntu Security Notice 5686-4 - USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39253 on Ubuntu 16.04 ESM. Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour.

CVE-2023-22490: GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** This vulnerability could disclose sensitive information on the victim's file system as well as achieve data exfiltration.

CVE-2023-0628: Docker Desktop release notes

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking an user to open a crafted malicious docker-desktop:// URL.

CVE-2022-42797: About the security content of Xcode 14.1

An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges.

CVE-2022-42797: About the security content of Xcode 14.1

An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges.

CVE-2022-42797: About the security content of Xcode 14.1

An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges.

Debian Security Advisory 5332-1

Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.

Debian Security Advisory 5332-1

Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.

Debian Security Advisory 5332-1

Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.

Debian Security Advisory 5332-1

Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.

Ubuntu Security Notice USN-5686-3

Ubuntu Security Notice 5686-3 - USN-5686-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Ubuntu 22.10. Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour.

Ubuntu Security Notice USN-5686-3

Ubuntu Security Notice 5686-3 - USN-5686-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Ubuntu 22.10. Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour.

Ubuntu Security Notice USN-5686-2

Ubuntu Security Notice 5686-2 - USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to cause a crash or arbitrary code execution.

CVE-2022-39260: Heap overflow in `git shell` leading to RCE

Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term...

CVE-2022-39253: Local clone optimization dereferences symbolic links by default

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` d...

Ubuntu Security Notice USN-5686-1

Ubuntu Security Notice 5686-1 - Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to arbitrary code execution.

Ubuntu Security Notice USN-5686-1

Ubuntu Security Notice 5686-1 - Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to arbitrary code execution.

Ubuntu Security Notice USN-5511-1

Ubuntu Security Notice 5511-1 - Carlo Marcelo Arenas Belon discovered that an issue related to CVE-2022-24765 still affected Git. An attacker could possibly use this issue to run arbitrary commands as administrator.

Ubuntu Security Notice USN-5511-1

Ubuntu Security Notice 5511-1 - Carlo Marcelo Arenas Belon discovered that an issue related to CVE-2022-24765 still affected Git. An attacker could possibly use this issue to run arbitrary commands as administrator.

CVE-2022-31012: Release Git for Windows 2.37.1 · git-for-windows/git

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the `C:\mingw64` folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in `C:\`.

CVE-2022-29187: Git security vulnerability announced | The GitHub Blog

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.

CVE-2022-29187: Git security vulnerability announced | The GitHub Blog

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.

CVE-2022-26747: About the security content of Xcode 13.4

This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges.

Apple Security Advisory 2022-05-16-8

Apple Security Advisory 2022-05-16-8 - Xcode 13.4 addresses a logic issue and a privilege escalation issue.

CVE-2022-24765

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access fro...

CVE-2021-21285: Docker Engine release notes

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.