RHSA-2023:0628: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted .gitattributes file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index, or both. This integer overflow can result in arbitrary heap reads and writes, which may allow remote code execution.
  • CVE-2022-41903: A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in `pretty.c::format_and_pad_commit()`, where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=…`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may allow arbitrary code execution.
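
The bug class described for CVE-2022-41903, a `size_t` length narrowed into an `int` and then used as a copy offset, is shown below next to a hardened padding routine. This is an added example, not Git's source code: the function names (`offset_as_int`, `offset_is_corrupted`, `append_padded`) and the sample lengths are hypothetical, and the narrowing side only computes the offset without ever copying with it.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* What an int variable holds after being assigned a size_t length.
 * Out-of-range conversion is implementation-defined; GCC and Clang wrap
 * modulo 2^N, so lengths above INT_MAX come out negative or too small. */
static int offset_as_int(size_t len)
{
    return (int)len;
}

/* Returns 1 when the narrowed value no longer equals the real length,
 * i.e. when buf + offset would point somewhere other than intended. */
static int offset_is_corrupted(size_t len)
{
    int narrowed = offset_as_int(len);
    return narrowed < 0 || (size_t)narrowed != len;
}

/* Hardened pattern: every length stays in size_t and the destination
 * capacity is checked before any byte is written.
 * Appends src (src_len bytes, supplied by the caller) left-aligned in a
 * field of `width` columns to buf, which holds *used of cap bytes.
 * Returns 0 on success, -1 when the request is refused. */
static int append_padded(char *buf, size_t cap, size_t *used,
                         const char *src, size_t src_len, size_t width)
{
    size_t field = src_len > width ? src_len : width;
    size_t pad = field - src_len;          /* cannot underflow */

    if (*used > cap)                       /* inconsistent caller state */
        return -1;
    if (field > cap - *used)               /* also rules out used + field wrapping */
        return -1;

    memcpy(buf + *used, src, src_len);
    memset(buf + *used + src_len, ' ', pad);
    *used += field;
    return 0;
}

int main(void)
{
    char buf[16];
    size_t used = 0;
    size_t huge = (size_t)INT_MAX + 17;    /* constructed sample length */

    printf("narrowed offset for %zu: %d\n", huge, offset_as_int(huge));
    printf("corrupted: %d\n", offset_is_corrupted(huge));
    printf("small append: %d\n",
           append_padded(buf, sizeof buf, &used, "ab", 2, 5));
    printf("huge width:   %d\n",
           append_padded(buf, sizeof buf, &used, "ab", 2, huge));
    return 0;
}
```
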
Red Hat Security Data

Synopsis

Important: git security update

Type/Severity

Security Advisory: Important

Topic

An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

  • git: gitattributes parsing integer overflow (CVE-2022-23521)
  • git: Heap overflow in `git archive`, `git log --format` leading to RCE (CVE-2022-41903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2162055 - CVE-2022-23521 git: gitattributes parsing integer overflow
  • BZ - 2162056 - CVE-2022-41903 git: Heap overflow in `git archive`, `git log --format` leading to RCE

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
Red Hat Enterprise Linux Server - AUS 8.6
Red Hat Enterprise Linux Server - TUS 8.6
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM

  • git-2.31.1-3.el8_6.src.rpm

x86_64

  • git-2.31.1-3.el8_6.x86_64.rpm
  • git-all-2.31.1-3.el8_6.noarch.rpm
  • git-core-2.31.1-3.el8_6.x86_64.rpm
  • git-core-debuginfo-2.31.1-3.el8_6.x86_64.rpm
  • git-core-doc-2.31.1-3.el8_6.noarch.rpm
  • git-credential-libsecret-2.31.1-3.el8_6.x86_64.rpm
  • git-credential-libsecret-debuginfo-2.31.1-3.el8_6.x86_64.rpm
  • git-daemon-2.31.1-3.el8_6.x86_64.rpm
  • git-daemon-debuginfo-2.31.1-3.el8_6.x86_64.rpm
  • git-debuginfo-2.31.1-3.el8_6.x86_64.rpm
  • git-debugsource-2.31.1-3.el8_6.x86_64.rpm
  • git-email-2.31.1-3.el8_6.noarch.rpm
  • git-gui-2.31.1-3.el8_6.noarch.rpm
  • git-instaweb-2.31.1-3.el8_6.noarch.rpm
  • git-subtree-2.31.1-3.el8_6.x86_64.rpm
  • git-svn-2.31.1-3.el8_6.noarch.rpm
  • gitk-2.31.1-3.el8_6.noarch.rpm
  • gitweb-2.31.1-3.el8_6.noarch.rpm
  • perl-Git-2.31.1-3.el8_6.noarch.rpm
  • perl-Git-SVN-2.31.1-3.el8_6.noarch.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM

  • git-2.31.1-3.el8_6.src.rpm

s390x

  • git-2.31.1-3.el8_6.s390x.rpm
  • git-all-2.31.1-3.el8_6.noarch.rpm
  • git-core-2.31.1-3.el8_6.s390x.rpm
  • git-core-debuginfo-2.31.1-3.el8_6.s390x.rpm
  • git-core-doc-2.31.1-3.el8_6.noarch.rpm
  • git-credential-libsecret-2.31.1-3.el8_6.s390x.rpm
  • git-credential-libsecret-debuginfo-2.31.1-3.el8_6.s390x.rpm
  • git-daemon-2.31.1-3.el8_6.s390x.rpm
  • git-daemon-debuginfo-2.31.1-3.el8_6.s390x.rpm
  • git-debuginfo-2.31.1-3.el8_6.s390x.rpm
  • git-debugsource-2.31.1-3.el8_6.s390x.rpm
  • git-email-2.31.1-3.el8_6.noarch.rpm
  • git-gui-2.31.1-3.el8_6.noarch.rpm
  • git-instaweb-2.31.1-3.el8_6.noarch.rpm
  • git-subtree-2.31.1-3.el8_6.s390x.rpm
  • git-svn-2.31.1-3.el8_6.noarch.rpm
  • gitk-2.31.1-3.el8_6.noarch.rpm
  • gitweb-2.31.1-3.el8_6.noarch.rpm
  • perl-Git-2.31.1-3.el8_6.noarch.rpm
  • perl-Git-SVN-2.31.1-3.el8_6.noarch.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM

  • git-2.31.1-3.el8_6.src.rpm

ppc64le

  • git-2.31.1-3.el8_6.ppc64le.rpm
  • git-all-2.31.1-3.el8_6.noarch.rpm
  • git-core-2.31.1-3.el8_6.ppc64le.rpm
  • git-core-debuginfo-2.31.1-3.el8_6.ppc64le.rpm
  • git-core-doc-2.31.1-3.el8_6.noarch.rpm
  • git-credential-libsecret-2.31.1-3.el8_6.ppc64le.rpm
  • git-credential-libsecret-debuginfo-2.31.1-3.el8_6.ppc64le.rpm
  • git-daemon-2.31.1-3.el8_6.ppc64le.rpm
  • git-daemon-debuginfo-2.31.1-3.el8_6.ppc64le.rpm
  • git-debuginfo-2.31.1-3.el8_6.ppc64le.rpm
  • git-debugsource-2.31.1-3.el8_6.ppc64le.rpm
  • git-email-2.31.1-3.el8_6.noarch.rpm
  • git-gui-2.31.1-3.el8_6.noarch.rpm
  • git-instaweb-2.31.1-3.el8_6.noarch.rpm
  • git-subtree-2.31.1-3.el8_6.ppc64le.rpm
  • git-svn-2.31.1-3.el8_6.noarch.rpm
  • gitk-2.31.1-3.el8_6.noarch.rpm
  • gitweb-2.31.1-3.el8_6.noarch.rpm
  • perl-Git-2.31.1-3.el8_6.noarch.rpm
  • perl-Git-SVN-2.31.1-3.el8_6.noarch.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM

  • git-2.31.1-3.el8_6.src.rpm

aarch64

  • git-2.31.1-3.el8_6.aarch64.rpm
  • git-all-2.31.1-3.el8_6.noarch.rpm
  • git-core-2.31.1-3.el8_6.aarch64.rpm
  • git-core-debuginfo-2.31.1-3.el8_6.aarch64.rpm
  • git-core-doc-2.31.1-3.el8_6.noarch.rpm
  • git-credential-libsecret-2.31.1-3.el8_6.aarch64.rpm
  • git-credential-libsecret-debuginfo-2.31.1-3.el8_6.aarch64.rpm
  • git-daemon-2.31.1-3.el8_6.aarch64.rpm
  • git-daemon-debuginfo-2.31.1-3.el8_6.aarch64.rpm
  • git-debuginfo-2.31.1-3.el8_6.aarch64.rpm
  • git-debugsource-2.31.1-3.el8_6.aarch64.rpm
  • git-email-2.31.1-3.el8_6.noarch.rpm
  • git-gui-2.31.1-3.el8_6.noarch.rpm
  • git-instaweb-2.31.1-3.el8_6.noarch.rpm
  • git-subtree-2.31.1-3.el8_6.aarch64.rpm
  • git-svn-2.31.1-3.el8_6.noarch.rpm
  • gitk-2.31.1-3.el8_6.noarch.rpm
  • gitweb-2.31.1-3.el8_6.noarch.rpm
  • perl-Git-2.31.1-3.el8_6.noarch.rpm
  • perl-Git-SVN-2.31.1-3.el8_6.noarch.rpm

Related news

CVE-2023-0923

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

RHSA-2023:1428: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2022-24999: A flaw was found in the express.js npm package. Express.js Express is vulnerable to a d...

Red Hat Security Advisory 2023-0895-01

Red Hat Security Advisory 2023-0895-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2023:0934: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.0.1 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to...

RHSA-2023:0774: Red Hat Security Advisory: OpenShift Container Platform 4.11.28 security update

Red Hat OpenShift Container Platform release 4.11.28 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issu...

RHSA-2023:0769: Red Hat Security Advisory: OpenShift Container Platform 4.12.4 security update

Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total numb...

Red Hat Security Advisory 2023-0802-01

Red Hat Security Advisory 2023-0802-01 - An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important.

Red Hat Security Advisory 2023-0794-01

Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-0633-01

Red Hat Security Advisory 2023-0633-01 - Logging Subsystem 5.5.7 - Red Hat OpenShift.

Red Hat Security Advisory 2023-0632-01

Red Hat Security Advisory 2023-0632-01 - Logging Subsystem 5.4.11 - Red Hat OpenShift.

RHSA-2023:0698: Red Hat Security Advisory: OpenShift Container Platform 4.10.52 security update

Red Hat OpenShift Container Platform release 4.10.52 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.

Red Hat Security Advisory 2023-0627-01

Red Hat Security Advisory 2023-0627-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0628-01

Red Hat Security Advisory 2023-0628-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0599-01

Red Hat Security Advisory 2023-0599-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0596-01

Red Hat Security Advisory 2023-0596-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0610-01

Red Hat Security Advisory 2023-0610-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0611-01

Red Hat Security Advisory 2023-0611-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

RHSA-2023:0610: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted `.gitattributes...

RHSA-2023:0611: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted `.gitattributes...

RHSA-2023:0609: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there i...

RHSA-2023:0599: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be tri...

Debian Security Advisory 5332-1

Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users to execute arbitrary commands, leak information from the local filesystem, and bypass the restricted shell.

Ubuntu Security Notice USN-5810-1

Ubuntu Security Notice 5810-1 - Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

CVE-2022-41903: Heap overflow in `git archive`, `git log --format` leading to RCE

Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through `git archive` via the `export-subst` mechanism, which expands format specifiers inside of files within the repository during a `git archive`. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to u...