Headline
RHSA-2023:0628: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequently, the failure mode depends on whether the file exists in the working tree, the index, or both. This integer overflow can result in arbitrary heap reads and writes, which may allow remote code execution.
- CVE-2022-41903: A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in `pretty.c::format_and_pad_commit()`, where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=…`). It may also be triggered indirectly through `git archive` via the export-subst mechanism, which expands format specifiers inside files within the repository during a `git archive`. This integer overflow can result in arbitrary heap writes, which may allow arbitrary code execution.
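The narrowing described for CVE-2022-41903, as an added C example that is not Git's source: a `size_t` difference is stored in an `int` before being used as a copy offset, next to a checked form that stays in `size_t`. The function names and the simplified right-align layout are assumptions for illustration; only the offset arithmetic is evaluated and no copy is performed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model (not Git's source): right-align text_len bytes in a
 * field of field_width bytes, so the copy starts at field_width - text_len. */

/* Narrowed form: the size_t difference is stored in an int before it is used
 * as the copy offset. Converting an out-of-range value to int is
 * implementation-defined; GCC and Clang wrap it modulo 2^32. */
static int pad_offset_narrowed(size_t field_width, size_t text_len)
{
    int offset = (int)(field_width - text_len);
    return offset; /* negative once the difference exceeds INT_MAX */
}

/* Checked form: stay in size_t and reject anything outside the buffer.
 * Returns 0 and stores the offset on success, -1 on rejection. */
static int pad_offset_checked(size_t buf_size, size_t field_width,
                              size_t text_len, size_t *offset)
{
    if (text_len > field_width)  /* subtraction would wrap */
        return -1;
    if (field_width > buf_size)  /* field must fit the destination */
        return -1;
    *offset = field_width - text_len; /* offset + text_len <= buf_size */
    return 0;
}

/* Would a copy of text_len bytes at this offset stay inside the buffer? */
static int copy_in_bounds(long long offset, size_t text_len, size_t buf_size)
{
    if (offset < 0)
        return 0;
    if ((unsigned long long)offset > buf_size)
        return 0;
    return text_len <= buf_size - (size_t)offset;
}

int main(void)
{
    /* Constructed inputs: an ordinary width and one just past INT_MAX. */
    size_t widths[] = { 80, (size_t)INT_MAX + 17u };
    size_t text_len = 16;

    for (size_t i = 0; i < sizeof widths / sizeof widths[0]; i++) {
        size_t w = widths[i], checked = 0;
        int narrowed = pad_offset_narrowed(w, text_len);
        int rc = pad_offset_checked(w, w, text_len, &checked);

        printf("width=%zu narrowed offset=%d in_bounds=%d\n",
               w, narrowed, copy_in_bounds(narrowed, text_len, w));
        if (rc == 0)
            printf("width=%zu checked offset=%zu\n", w, checked);
        else
            printf("width=%zu rejected by the checked form\n", w);
    }
    return 0;
}
```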
Synopsis
Important: git security update
Type/Severity
Security Advisory: Important
Topic
An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):
- git: gitattributes parsing integer overflow (CVE-2022-23521)
- git: Heap overflow in `git archive`, `git log --format` leading to RCE (CVE-2022-41903)
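A review aid for the `.gitattributes` conditions named in the CVE descriptions above, as an added C example that is not Git's parser or Red Hat's code: it reports physical lines longer than 2KB, the largest number of attributes on one pattern, and patterns that set `export-subst`. The report fields, function names and whitespace-only tokenizing are assumptions, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LONG_LINE_BYTES 2048u /* the 2KB line length named in the advisory */

struct ga_report {
    size_t pattern_lines; /* lines that carry a pattern (not blank, not comment) */
    size_t long_lines;    /* physical lines longer than LONG_LINE_BYTES */
    size_t longest_line;  /* bytes in the longest physical line */
    size_t max_attrs;     /* most attributes attached to a single pattern */
    size_t export_subst;  /* pattern lines that set export-subst */
};

static int is_blank(char c) { return c == ' ' || c == '\t' || c == '\r'; }

/* Audit one physical line [p, end). Simplification (assumption): tokens are
 * split on whitespace, so quoted patterns containing spaces are not handled. */
static void audit_line(const char *p, const char *end, struct ga_report *r)
{
    size_t len = (size_t)(end - p), tokens = 0;
    int sets_export_subst = 0;

    if (len > r->longest_line) r->longest_line = len;
    if (len > LONG_LINE_BYTES) r->long_lines++;

    while (p < end) {
        while (p < end && is_blank(*p)) p++;
        const char *tok = p;
        while (p < end && !is_blank(*p)) p++;
        size_t tlen = (size_t)(p - tok);
        if (tlen == 0) break;                   /* trailing whitespace */
        if (tokens == 0 && *tok == '#') return; /* comment line */
        if (tokens > 0 && tlen == 12 && memcmp(tok, "export-subst", 12) == 0)
            sets_export_subst = 1;
        tokens++;
    }
    if (tokens == 0) return;                    /* blank line */
    r->pattern_lines++;
    if (tokens - 1 > r->max_attrs) r->max_attrs = tokens - 1;
    r->export_subst += (size_t)sets_export_subst;
}

/* Walk a .gitattributes blob (for example one read from the index or from a
 * commit) line by line and collect the report. */
static struct ga_report audit_gitattributes(const char *buf, size_t len)
{
    struct ga_report r = {0};
    const char *p = buf, *end = buf + len;

    while (p < end) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        audit_line(p, nl ? nl : end, &r);
        p = nl ? nl + 1 : end;
    }
    return r;
}

/* Constructed sample, not from a real repository: three ordinary lines and
 * one 3005-byte line carrying 1500 attributes. Returns bytes written. */
static size_t build_sample(char *out, size_t cap)
{
    static const char head[] =
        "# constructed sample\n"
        "*.c text diff=cpp\n"
        "VERSION export-subst\n"
        "*.bin -text -diff\n"
        "*.dat";
    size_t n = sizeof(head) - 1;

    if (cap < n + 2 * 1500 + 1) return 0;
    memcpy(out, head, n);
    for (int i = 0; i < 1500; i++) { out[n++] = ' '; out[n++] = 'a'; }
    out[n++] = '\n';
    return n;
}

int main(void)
{
    static char buf[4096];
    size_t n = build_sample(buf, sizeof buf);
    struct ga_report r = audit_gitattributes(buf, n);

    printf("pattern lines: %zu\n", r.pattern_lines);
    printf("lines over %u bytes: %zu (longest %zu)\n",
           LONG_LINE_BYTES, r.long_lines, r.longest_line);
    printf("max attributes on one pattern: %zu\n", r.max_attrs);
    printf("patterns setting export-subst: %zu\n", r.export_subst);
    return 0;
}
```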
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2162055 - CVE-2022-23521 git: gitattributes parsing integer overflow
- BZ - 2162056 - CVE-2022-41903 git: Heap overflow in `git archive`, `git log --format` leading to RCE
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
git-2.31.1-3.el8_6.src.rpm
Related news
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.
The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2022-24999: A flaw was found in the express.js npm package. Express.js Express is vulnerable to a d...
Red Hat Security Advisory 2023-0895-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.
Migration Toolkit for Applications 6.0.1 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to...
Red Hat OpenShift Container Platform release 4.11.28 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issu...
Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total numb...
Red Hat Security Advisory 2023-0802-01 - An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important.
Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-0633-01 - Logging Subsystem 5.5.7 - Red Hat OpenShift.
Red Hat Security Advisory 2023-0632-01 - Logging Subsystem 5.4.11 - Red Hat OpenShift.
Red Hat OpenShift Container Platform release 4.10.52 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
Red Hat Security Advisory 2023-0627-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0628-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0599-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0596-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0610-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0611-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted `.gitattributes...
An update for git is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted `.gitattributes...
An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there i...
An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be tri...
Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users to execute arbitrary commands, leak information from the local filesystem, and bypass the restricted shell.
Ubuntu Security Notice 5810-1 - Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to u...