Headline
RHSA-2023:2319: Red Hat Security Advisory: git security and bug fix update
An update for git is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-24765: A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.
- CVE-2022-29187: A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.
- CVE-2022-39253: Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source’s
$GIT_DIR/objects
directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via--no-hardlinks
). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim’s machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the--recurse-submodules
option. Git does not create symbolic links in the$GIT_DIR/objects
directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the--local
optimization when on a shared machine, either by passing the--no-local
option togit clone
or cloning from a URL that uses thefile://
scheme. Alternatively, avoid cloning repositories from untrusted sources with--recurse-submodules
or rungit config --global protocol.file.allow user
. - CVE-2022-39260: Git is an open source, scalable, distributed revision control system.
git shell
is a restricted login shell that can be used to implement Git’s push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses anint
to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed toexecv()
, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access togit shell
as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disablinggit shell
access via remote logins is a viable short-term workaround.
概述
Moderate: git security and bug fix update
类型/严重性
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
标题
An update for git is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
描述
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):
- git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765)
- git: Bypass of safe.directory protections (CVE-2022-29187)
- git: exposure of sensitive information to a malicious actor (CVE-2022-39253)
- git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
受影响的产品
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
修复
- BZ - 2073414 - CVE-2022-24765 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
- BZ - 2107439 - CVE-2022-29187 git: Bypass of safe.directory protections
- BZ - 2137422 - CVE-2022-39253 git: exposure of sensitive information to a malicious actor
- BZ - 2137423 - CVE-2022-39260 git: git shell function that splits command arguments can lead to arbitrary heap writes.
- BZ - 2139379 - Rebase git to 2.39 version [rhel-9.2]
CVE
- CVE-2022-24765
- CVE-2022-29187
- CVE-2022-39253
- CVE-2022-39260
参考
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
git-2.39.1-1.el9.src.rpm
SHA-256: 63cb770c7eb47748f9770d1a2c91062d46530dfebe714fd3f968b0ee883f0d7e
x86_64
git-2.39.1-1.el9.x86_64.rpm
SHA-256: 8d8b7be4eaf874004c9ca01c2b05d15ee9d1aa0445da8e48e33d980ef3023a93
git-all-2.39.1-1.el9.noarch.rpm
SHA-256: 4215f0dd0ebb0accef88500e2f3ebf127b515df68f0781aa05da5d41280ceeb7
git-core-2.39.1-1.el9.x86_64.rpm
SHA-256: b24c880aa28e52ab406bfb203d5e19d5681b70ebe3c7e3cc5bcf4371827e0647
git-core-debuginfo-2.39.1-1.el9.x86_64.rpm
SHA-256: 04cb4c39d5a8c839705f881703caf29194f7b90aab476b666764cb1bdeaa9eb8
git-core-doc-2.39.1-1.el9.noarch.rpm
SHA-256: 358ee718498d3218c00a2365068a933cc4351485461398095b5430e1d17a44f5
git-credential-libsecret-2.39.1-1.el9.x86_64.rpm
SHA-256: 3e068a6eda2fa439dafef7affc4f18de1b4cd5a2fad7090eb5538b1f1f4a01f7
git-credential-libsecret-debuginfo-2.39.1-1.el9.x86_64.rpm
SHA-256: 613536e554e337c4b0ca23fcf0e7c226fe1db2174f3c13247abd9bbc722f8c41
git-daemon-2.39.1-1.el9.x86_64.rpm
SHA-256: 31c6b7a6a59b217f85b98be89a09d883f00fa76e07f3fe2dff32cf70de07bd6e
git-daemon-debuginfo-2.39.1-1.el9.x86_64.rpm
SHA-256: 447751ca5429f4cb17d7b84a981b19ca1b3dbbc0cf96e59e8ede6640ed4e7c79
git-debuginfo-2.39.1-1.el9.x86_64.rpm
SHA-256: a7247b8a93bf1633e71b270ef2315ea660c31df13669d43928f56ef92680a4be
git-debugsource-2.39.1-1.el9.x86_64.rpm
SHA-256: cf52708ba109a6ff97fa78d0f06847da277e544c8aaf7aef39e8eca682da7097
git-email-2.39.1-1.el9.noarch.rpm
SHA-256: cd849cc5dec46e1c9132729cbab7d646f0324f3d578354fc985c553652cd105f
git-gui-2.39.1-1.el9.noarch.rpm
SHA-256: 6cca7b3673a6a94f79b0e80a0b4e923b6d653827f95774edbcf90bf9464cc41d
git-instaweb-2.39.1-1.el9.noarch.rpm
SHA-256: 58e919777feb88a8393e2a9b0de54524bcca4ac4ddd7449ff1743e563533036b
git-subtree-2.39.1-1.el9.x86_64.rpm
SHA-256: 22b5252e0d55667216e9eb39e1401a195cdeb8e2f51d8914a83b1842a8d0a2f0
git-svn-2.39.1-1.el9.noarch.rpm
SHA-256: 02b759cf602a499f921e6e97bbb940ff36430829d2cbc41a7a4746a0bf5bcb4e
gitk-2.39.1-1.el9.noarch.rpm
SHA-256: b5ee54065472427e16d89e8d969eb5d74e738c828a8a32e82489ac1d767b4968
gitweb-2.39.1-1.el9.noarch.rpm
SHA-256: efc9fde412add478e9caef5551111a0f6cf8402e202473168420d40969fd32c2
perl-Git-2.39.1-1.el9.noarch.rpm
SHA-256: c0c280d367adeab9892e3f9ce823a0385b23b73c26ac336c3ec4fad2b24058b5
perl-Git-SVN-2.39.1-1.el9.noarch.rpm
SHA-256: 073adeda9036c710d5485c4dec8752262947728fbd330cd6845fcba27086dd03
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
git-2.39.1-1.el9.src.rpm
SHA-256: 63cb770c7eb47748f9770d1a2c91062d46530dfebe714fd3f968b0ee883f0d7e
s390x
git-2.39.1-1.el9.s390x.rpm
SHA-256: 74c09b19a42a200ac0888bae710ffc8b27da8f664fbd949afc25d24172e5794a
git-all-2.39.1-1.el9.noarch.rpm
SHA-256: 4215f0dd0ebb0accef88500e2f3ebf127b515df68f0781aa05da5d41280ceeb7
git-core-2.39.1-1.el9.s390x.rpm
SHA-256: 571c62450493b332d2c30adf0174e568a5a987fcecf98bb6a5844699407bc88e
git-core-debuginfo-2.39.1-1.el9.s390x.rpm
SHA-256: 6d7e0794dff7775f693cae8cc6601b36bc96cbb944db22e7a6344f68e2818c53
git-core-doc-2.39.1-1.el9.noarch.rpm
SHA-256: 358ee718498d3218c00a2365068a933cc4351485461398095b5430e1d17a44f5
git-credential-libsecret-2.39.1-1.el9.s390x.rpm
SHA-256: c11d2bf2d41cb649035c9cb52dc77fee99b1fcaf64c285fd925d6d04d0870664
git-credential-libsecret-debuginfo-2.39.1-1.el9.s390x.rpm
SHA-256: fb95ad6d8e8af4091d3953cec1dff095b52c26facc6d24947b1bb21a155bcd41
git-daemon-2.39.1-1.el9.s390x.rpm
SHA-256: 3072da5493f04949437eeeb273c7a3cf27175cef94194cd6077d8f1620596af1
git-daemon-debuginfo-2.39.1-1.el9.s390x.rpm
SHA-256: e107e35458daa7c662cae3e28eb074880b54bf5debcd5f960c31d3377b28e1a0
git-debuginfo-2.39.1-1.el9.s390x.rpm
SHA-256: 82a460cf73c91743698b6e6677e22bf58ddc92202325e660a0c1ebce1c9f9476
git-debugsource-2.39.1-1.el9.s390x.rpm
SHA-256: c9f73716edc1326d51aaee712a51d7e8342963534227176b269a6da8b449ddca
git-email-2.39.1-1.el9.noarch.rpm
SHA-256: cd849cc5dec46e1c9132729cbab7d646f0324f3d578354fc985c553652cd105f
git-gui-2.39.1-1.el9.noarch.rpm
SHA-256: 6cca7b3673a6a94f79b0e80a0b4e923b6d653827f95774edbcf90bf9464cc41d
git-instaweb-2.39.1-1.el9.noarch.rpm
SHA-256: 58e919777feb88a8393e2a9b0de54524bcca4ac4ddd7449ff1743e563533036b
git-subtree-2.39.1-1.el9.s390x.rpm
SHA-256: 36a2f0e8cf388c4a39588a67fff125f853bf5080ed72891600d2b96df4750231
git-svn-2.39.1-1.el9.noarch.rpm
SHA-256: 02b759cf602a499f921e6e97bbb940ff36430829d2cbc41a7a4746a0bf5bcb4e
gitk-2.39.1-1.el9.noarch.rpm
SHA-256: b5ee54065472427e16d89e8d969eb5d74e738c828a8a32e82489ac1d767b4968
gitweb-2.39.1-1.el9.noarch.rpm
SHA-256: efc9fde412add478e9caef5551111a0f6cf8402e202473168420d40969fd32c2
perl-Git-2.39.1-1.el9.noarch.rpm
SHA-256: c0c280d367adeab9892e3f9ce823a0385b23b73c26ac336c3ec4fad2b24058b5
perl-Git-SVN-2.39.1-1.el9.noarch.rpm
SHA-256: 073adeda9036c710d5485c4dec8752262947728fbd330cd6845fcba27086dd03
Red Hat Enterprise Linux for Power, little endian 9
SRPM
git-2.39.1-1.el9.src.rpm
SHA-256: 63cb770c7eb47748f9770d1a2c91062d46530dfebe714fd3f968b0ee883f0d7e
ppc64le
git-2.39.1-1.el9.ppc64le.rpm
SHA-256: 5df17a38c3268f49190db7040cd0785beab1f2e46f6c7448bb668910c59f9af7
git-all-2.39.1-1.el9.noarch.rpm
SHA-256: 4215f0dd0ebb0accef88500e2f3ebf127b515df68f0781aa05da5d41280ceeb7
git-core-2.39.1-1.el9.ppc64le.rpm
SHA-256: db3be6cbe6dea5f2732e4bfc39460f1772a84dc147227ff10229ce407babdad0
git-core-debuginfo-2.39.1-1.el9.ppc64le.rpm
SHA-256: 6d93824f443c040987b5f9876fe6accf4318d2f961d919171597cea39c312b8d
git-core-doc-2.39.1-1.el9.noarch.rpm
SHA-256: 358ee718498d3218c00a2365068a933cc4351485461398095b5430e1d17a44f5
git-credential-libsecret-2.39.1-1.el9.ppc64le.rpm
SHA-256: f2f3bd542919730f2ee88fae987d7890696a78577eea784dac9e7771706a751f
git-credential-libsecret-debuginfo-2.39.1-1.el9.ppc64le.rpm
SHA-256: 60464d75f913224c02ed10aba37e15d6be0480b250c5bb1f556c0dfd1597e8ab
git-daemon-2.39.1-1.el9.ppc64le.rpm
SHA-256: 5ba914670d592abc432f2a6e23452d1c994e638d3593fde0928dffec926ac9a2
git-daemon-debuginfo-2.39.1-1.el9.ppc64le.rpm
SHA-256: 750b87b8a8577f544fd9fa79dcd47866f321c0cb54727027e651a8398e0c5066
git-debuginfo-2.39.1-1.el9.ppc64le.rpm
SHA-256: ed5a5b5ddd99ec0d639ab316c41293234249216c41714bd963804884ec6032b2
git-debugsource-2.39.1-1.el9.ppc64le.rpm
SHA-256: 8b465f8bcfcdba6ce203c3a6a7b629be7431a1d623b15eb5f979b29402787698
git-email-2.39.1-1.el9.noarch.rpm
SHA-256: cd849cc5dec46e1c9132729cbab7d646f0324f3d578354fc985c553652cd105f
git-gui-2.39.1-1.el9.noarch.rpm
SHA-256: 6cca7b3673a6a94f79b0e80a0b4e923b6d653827f95774edbcf90bf9464cc41d
git-instaweb-2.39.1-1.el9.noarch.rpm
SHA-256: 58e919777feb88a8393e2a9b0de54524bcca4ac4ddd7449ff1743e563533036b
git-subtree-2.39.1-1.el9.ppc64le.rpm
SHA-256: 27e51ab90ffb5f09aef55730b7d848e949c4619fc237f9f3da3a66a66cd22c36
git-svn-2.39.1-1.el9.noarch.rpm
SHA-256: 02b759cf602a499f921e6e97bbb940ff36430829d2cbc41a7a4746a0bf5bcb4e
gitk-2.39.1-1.el9.noarch.rpm
SHA-256: b5ee54065472427e16d89e8d969eb5d74e738c828a8a32e82489ac1d767b4968
gitweb-2.39.1-1.el9.noarch.rpm
SHA-256: efc9fde412add478e9caef5551111a0f6cf8402e202473168420d40969fd32c2
perl-Git-2.39.1-1.el9.noarch.rpm
SHA-256: c0c280d367adeab9892e3f9ce823a0385b23b73c26ac336c3ec4fad2b24058b5
perl-Git-SVN-2.39.1-1.el9.noarch.rpm
SHA-256: 073adeda9036c710d5485c4dec8752262947728fbd330cd6845fcba27086dd03
Red Hat Enterprise Linux for ARM 64 9
SRPM
git-2.39.1-1.el9.src.rpm
SHA-256: 63cb770c7eb47748f9770d1a2c91062d46530dfebe714fd3f968b0ee883f0d7e
aarch64
git-2.39.1-1.el9.aarch64.rpm
SHA-256: 3f77fff37c5f2e32d544f30fdfb45584d2107ffa5e5ff8a9181d75d0930cd341
git-all-2.39.1-1.el9.noarch.rpm
SHA-256: 4215f0dd0ebb0accef88500e2f3ebf127b515df68f0781aa05da5d41280ceeb7
git-core-2.39.1-1.el9.aarch64.rpm
SHA-256: 957575d111e31bf8d5126fa10da6dfcdd753147ce920abb6e16b21669430f703
git-core-debuginfo-2.39.1-1.el9.aarch64.rpm
SHA-256: f08dd6ec6a6c3074285600f046ee80824e4ec246d9fae1aa1cf78418eacd5cc9
git-core-doc-2.39.1-1.el9.noarch.rpm
SHA-256: 358ee718498d3218c00a2365068a933cc4351485461398095b5430e1d17a44f5
git-credential-libsecret-2.39.1-1.el9.aarch64.rpm
SHA-256: 6a39598dbafc481f8719ae6d8dd7901e811f75c779a139948ee51396735565c3
git-credential-libsecret-debuginfo-2.39.1-1.el9.aarch64.rpm
SHA-256: fed232809cff4064e9996973a30c427f91acc773d9cb2e4108f281febbcfad4d
git-daemon-2.39.1-1.el9.aarch64.rpm
SHA-256: ab4df346a7cc7f97eb8d5dd2f8e1d2ff6410037cf93c7177f82725405051b24f
git-daemon-debuginfo-2.39.1-1.el9.aarch64.rpm
SHA-256: e695e872c638c1c2f363ba5f56e7c2a8194830abd9c8b193477664a3dc57dc6a
git-debuginfo-2.39.1-1.el9.aarch64.rpm
SHA-256: c0408e4737877e1744c0cc0e582d8d57c81a1f21f1d5ace34ff113aa42c0e77b
git-debugsource-2.39.1-1.el9.aarch64.rpm
SHA-256: 7487250b6d2c16cca6bddf1c7ad12d768444249a33926c666faf2ff741177fad
git-email-2.39.1-1.el9.noarch.rpm
SHA-256: cd849cc5dec46e1c9132729cbab7d646f0324f3d578354fc985c553652cd105f
git-gui-2.39.1-1.el9.noarch.rpm
SHA-256: 6cca7b3673a6a94f79b0e80a0b4e923b6d653827f95774edbcf90bf9464cc41d
git-instaweb-2.39.1-1.el9.noarch.rpm
SHA-256: 58e919777feb88a8393e2a9b0de54524bcca4ac4ddd7449ff1743e563533036b
git-subtree-2.39.1-1.el9.aarch64.rpm
SHA-256: 25ac04d018c9320af3f1133b10bbe6b0223ce6aaa65450e8d601ff2a94004070
git-svn-2.39.1-1.el9.noarch.rpm
SHA-256: 02b759cf602a499f921e6e97bbb940ff36430829d2cbc41a7a4746a0bf5bcb4e
gitk-2.39.1-1.el9.noarch.rpm
SHA-256: b5ee54065472427e16d89e8d969eb5d74e738c828a8a32e82489ac1d767b4968
gitweb-2.39.1-1.el9.noarch.rpm
SHA-256: efc9fde412add478e9caef5551111a0f6cf8402e202473168420d40969fd32c2
perl-Git-2.39.1-1.el9.noarch.rpm
SHA-256: c0c280d367adeab9892e3f9ce823a0385b23b73c26ac336c3ec4fad2b24058b5
perl-Git-SVN-2.39.1-1.el9.noarch.rpm
SHA-256: 073adeda9036c710d5485c4dec8752262947728fbd330cd6845fcba27086dd03
Related news
Gentoo Linux Security Advisory 202401-17 - A vulnerability has been found in libgit2 which could result in privilege escalation. Versions greater than or equal to 1.4.4 are affected.
Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.
Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.
An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24765: A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository. * CVE-2022-29187: A vu...
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.
Ubuntu Security Notice 5686-4 - USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39253 on Ubuntu 16.04 ESM. Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour.
**What type of information could be disclosed by this vulnerability?** This vulnerability could disclose sensitive information on the victim's file system as well as achieve data exfiltration.
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking an user to open a crafted malicious docker-desktop:// URL.
An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges.
An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges.
An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges.
Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.
Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.
Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.
Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.
Ubuntu Security Notice 5686-3 - USN-5686-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Ubuntu 22.10. Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour.
Ubuntu Security Notice 5686-3 - USN-5686-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Ubuntu 22.10. Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour.
Ubuntu Security Notice 5686-2 - USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to cause a crash or arbitrary code execution.
Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term...
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` d...
Ubuntu Security Notice 5686-1 - Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to arbitrary code execution.
Ubuntu Security Notice 5686-1 - Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to arbitrary code execution.
Ubuntu Security Notice 5511-1 - Carlo Marcelo Arenas Belon discovered that an issue related to CVE-2022-24765 still affected Git. An attacker could possibly use this issue to run arbitrary commands as administrator.
Ubuntu Security Notice 5511-1 - Carlo Marcelo Arenas Belon discovered that an issue related to CVE-2022-24765 still affected Git. An attacker could possibly use this issue to run arbitrary commands as administrator.
Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the `C:\mingw64` folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in `C:\`.
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges.
Apple Security Advisory 2022-05-16-8 - Xcode 13.4 addresses a logic issue and a privilege escalation issue.
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access fro...
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.