
RHSA-2023:3243: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to git apply --reject; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.
  • CVE-2023-25815: A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.
  • CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.

Synopsis

Important: git security update

Type/Severity

Security Advisory: Important

Topic

An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

  • git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (CVE-2023-25652)
  • git: arbitrary configuration injection when renaming or deleting a section from a configuration file (CVE-2023-29007)
  • git: malicious placement of crafted messages when git was compiled with runtime prefix (CVE-2023-25815)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2188333 - CVE-2023-25652 git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents
  • BZ - 2188337 - CVE-2023-25815 git: malicious placement of crafted messages when git was compiled with runtime prefix
  • BZ - 2188338 - CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM

git-2.27.0-4.el8_4.src.rpm

x86_64

git-2.27.0-4.el8_4.x86_64.rpm
git-all-2.27.0-4.el8_4.noarch.rpm
git-core-2.27.0-4.el8_4.x86_64.rpm
git-core-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-core-doc-2.27.0-4.el8_4.noarch.rpm
git-credential-libsecret-2.27.0-4.el8_4.x86_64.rpm
git-credential-libsecret-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-daemon-2.27.0-4.el8_4.x86_64.rpm
git-daemon-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-debugsource-2.27.0-4.el8_4.x86_64.rpm
git-email-2.27.0-4.el8_4.noarch.rpm
git-gui-2.27.0-4.el8_4.noarch.rpm
git-instaweb-2.27.0-4.el8_4.noarch.rpm
git-subtree-2.27.0-4.el8_4.x86_64.rpm
git-svn-2.27.0-4.el8_4.noarch.rpm
gitk-2.27.0-4.el8_4.noarch.rpm
gitweb-2.27.0-4.el8_4.noarch.rpm
perl-Git-2.27.0-4.el8_4.noarch.rpm
perl-Git-SVN-2.27.0-4.el8_4.noarch.rpm

Red Hat Enterprise Linux Server - AUS 8.4

SRPM

git-2.27.0-4.el8_4.src.rpm

x86_64

git-2.27.0-4.el8_4.x86_64.rpm
git-all-2.27.0-4.el8_4.noarch.rpm
git-core-2.27.0-4.el8_4.x86_64.rpm
git-core-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-core-doc-2.27.0-4.el8_4.noarch.rpm
git-credential-libsecret-2.27.0-4.el8_4.x86_64.rpm
git-credential-libsecret-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-daemon-2.27.0-4.el8_4.x86_64.rpm
git-daemon-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-debugsource-2.27.0-4.el8_4.x86_64.rpm
git-email-2.27.0-4.el8_4.noarch.rpm
git-gui-2.27.0-4.el8_4.noarch.rpm
git-instaweb-2.27.0-4.el8_4.noarch.rpm
git-subtree-2.27.0-4.el8_4.x86_64.rpm
git-svn-2.27.0-4.el8_4.noarch.rpm
gitk-2.27.0-4.el8_4.noarch.rpm
gitweb-2.27.0-4.el8_4.noarch.rpm
perl-Git-2.27.0-4.el8_4.noarch.rpm
perl-Git-SVN-2.27.0-4.el8_4.noarch.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM

git-2.27.0-4.el8_4.src.rpm

s390x

git-2.27.0-4.el8_4.s390x.rpm
git-all-2.27.0-4.el8_4.noarch.rpm
git-core-2.27.0-4.el8_4.s390x.rpm
git-core-debuginfo-2.27.0-4.el8_4.s390x.rpm
git-core-doc-2.27.0-4.el8_4.noarch.rpm
git-credential-libsecret-2.27.0-4.el8_4.s390x.rpm
git-credential-libsecret-debuginfo-2.27.0-4.el8_4.s390x.rpm
git-daemon-2.27.0-4.el8_4.s390x.rpm
git-daemon-debuginfo-2.27.0-4.el8_4.s390x.rpm
git-debuginfo-2.27.0-4.el8_4.s390x.rpm
git-debugsource-2.27.0-4.el8_4.s390x.rpm
git-email-2.27.0-4.el8_4.noarch.rpm
git-gui-2.27.0-4.el8_4.noarch.rpm
git-instaweb-2.27.0-4.el8_4.noarch.rpm
git-subtree-2.27.0-4.el8_4.s390x.rpm
git-svn-2.27.0-4.el8_4.noarch.rpm
gitk-2.27.0-4.el8_4.noarch.rpm
gitweb-2.27.0-4.el8_4.noarch.rpm
perl-Git-2.27.0-4.el8_4.noarch.rpm
perl-Git-SVN-2.27.0-4.el8_4.noarch.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM

git-2.27.0-4.el8_4.src.rpm

ppc64le

git-2.27.0-4.el8_4.ppc64le.rpm
git-all-2.27.0-4.el8_4.noarch.rpm
git-core-2.27.0-4.el8_4.ppc64le.rpm
git-core-debuginfo-2.27.0-4.el8_4.ppc64le.rpm
git-core-doc-2.27.0-4.el8_4.noarch.rpm
git-credential-libsecret-2.27.0-4.el8_4.ppc64le.rpm
git-credential-libsecret-debuginfo-2.27.0-4.el8_4.ppc64le.rpm
git-daemon-2.27.0-4.el8_4.ppc64le.rpm
git-daemon-debuginfo-2.27.0-4.el8_4.ppc64le.rpm
git-debuginfo-2.27.0-4.el8_4.ppc64le.rpm
git-debugsource-2.27.0-4.el8_4.ppc64le.rpm
git-email-2.27.0-4.el8_4.noarch.rpm
git-gui-2.27.0-4.el8_4.noarch.rpm
git-instaweb-2.27.0-4.el8_4.noarch.rpm
git-subtree-2.27.0-4.el8_4.ppc64le.rpm
git-svn-2.27.0-4.el8_4.noarch.rpm
gitk-2.27.0-4.el8_4.noarch.rpm
gitweb-2.27.0-4.el8_4.noarch.rpm
perl-Git-2.27.0-4.el8_4.noarch.rpm
perl-Git-SVN-2.27.0-4.el8_4.noarch.rpm

Red Hat Enterprise Linux Server - TUS 8.4

SRPM

git-2.27.0-4.el8_4.src.rpm

x86_64

git-2.27.0-4.el8_4.x86_64.rpm
git-all-2.27.0-4.el8_4.noarch.rpm
git-core-2.27.0-4.el8_4.x86_64.rpm
git-core-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-core-doc-2.27.0-4.el8_4.noarch.rpm
git-credential-libsecret-2.27.0-4.el8_4.x86_64.rpm
git-credential-libsecret-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-daemon-2.27.0-4.el8_4.x86_64.rpm
git-daemon-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-debugsource-2.27.0-4.el8_4.x86_64.rpm
git-email-2.27.0-4.el8_4.noarch.rpm
git-gui-2.27.0-4.el8_4.noarch.rpm
git-instaweb-2.27.0-4.el8_4.noarch.rpm
git-subtree-2.27.0-4.el8_4.x86_64.rpm
git-svn-2.27.0-4.el8_4.noarch.rpm
gitk-2.27.0-4.el8_4.noarch.rpm
gitweb-2.27.0-4.el8_4.noarch.rpm
perl-Git-2.27.0-4.el8_4.noarch.rpm
perl-Git-SVN-2.27.0-4.el8_4.noarch.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM

git-2.27.0-4.el8_4.src.rpm

aarch64

git-2.27.0-4.el8_4.aarch64.rpm
git-all-2.27.0-4.el8_4.noarch.rpm
git-core-2.27.0-4.el8_4.aarch64.rpm
git-core-debuginfo-2.27.0-4.el8_4.aarch64.rpm
git-core-doc-2.27.0-4.el8_4.noarch.rpm
git-credential-libsecret-2.27.0-4.el8_4.aarch64.rpm
git-credential-libsecret-debuginfo-2.27.0-4.el8_4.aarch64.rpm
git-daemon-2.27.0-4.el8_4.aarch64.rpm
git-daemon-debuginfo-2.27.0-4.el8_4.aarch64.rpm
git-debuginfo-2.27.0-4.el8_4.aarch64.rpm
git-debugsource-2.27.0-4.el8_4.aarch64.rpm
git-email-2.27.0-4.el8_4.noarch.rpm
git-gui-2.27.0-4.el8_4.noarch.rpm
git-instaweb-2.27.0-4.el8_4.noarch.rpm
git-subtree-2.27.0-4.el8_4.aarch64.rpm
git-svn-2.27.0-4.el8_4.noarch.rpm
gitk-2.27.0-4.el8_4.noarch.rpm
gitweb-2.27.0-4.el8_4.noarch.rpm
perl-Git-2.27.0-4.el8_4.noarch.rpm
perl-Git-SVN-2.27.0-4.el8_4.noarch.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM

git-2.27.0-4.el8_4.src.rpm

ppc64le

git-2.27.0-4.el8_4.ppc64le.rpm
git-all-2.27.0-4.el8_4.noarch.rpm
git-core-2.27.0-4.el8_4.ppc64le.rpm
git-core-debuginfo-2.27.0-4.el8_4.ppc64le.rpm
git-core-doc-2.27.0-4.el8_4.noarch.rpm
git-credential-libsecret-2.27.0-4.el8_4.ppc64le.rpm
git-credential-libsecret-debuginfo-2.27.0-4.el8_4.ppc64le.rpm
git-daemon-2.27.0-4.el8_4.ppc64le.rpm
git-daemon-debuginfo-2.27.0-4.el8_4.ppc64le.rpm
git-debuginfo-2.27.0-4.el8_4.ppc64le.rpm
git-debugsource-2.27.0-4.el8_4.ppc64le.rpm
git-email-2.27.0-4.el8_4.noarch.rpm
git-gui-2.27.0-4.el8_4.noarch.rpm
git-instaweb-2.27.0-4.el8_4.noarch.rpm
git-subtree-2.27.0-4.el8_4.ppc64le.rpm
git-svn-2.27.0-4.el8_4.noarch.rpm
gitk-2.27.0-4.el8_4.noarch.rpm
gitweb-2.27.0-4.el8_4.noarch.rpm
perl-Git-2.27.0-4.el8_4.noarch.rpm
perl-Git-SVN-2.27.0-4.el8_4.noarch.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM

git-2.27.0-4.el8_4.src.rpm

x86_64

git-2.27.0-4.el8_4.x86_64.rpm
git-all-2.27.0-4.el8_4.noarch.rpm
git-core-2.27.0-4.el8_4.x86_64.rpm
git-core-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-core-doc-2.27.0-4.el8_4.noarch.rpm
git-credential-libsecret-2.27.0-4.el8_4.x86_64.rpm
git-credential-libsecret-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-daemon-2.27.0-4.el8_4.x86_64.rpm
git-daemon-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-debuginfo-2.27.0-4.el8_4.x86_64.rpm
git-debugsource-2.27.0-4.el8_4.x86_64.rpm
git-email-2.27.0-4.el8_4.noarch.rpm
git-gui-2.27.0-4.el8_4.noarch.rpm
git-instaweb-2.27.0-4.el8_4.noarch.rpm
git-subtree-2.27.0-4.el8_4.x86_64.rpm
git-svn-2.27.0-4.el8_4.noarch.rpm
gitk-2.27.0-4.el8_4.noarch.rpm
gitweb-2.27.0-4.el8_4.noarch.rpm
perl-Git-2.27.0-4.el8_4.noarch.rpm
perl-Git-SVN-2.27.0-4.el8_4.noarch.rpm

Related news

Gentoo Linux Security Advisory 202312-15

Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

Red Hat Security Advisory 2023-3664-01

Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.

Red Hat Security Advisory 2023-3624-01

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:3624: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.10 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A flaw was found in Golang Go, where it is vulnerable to a denial of service cause...

Red Hat Security Advisory 2023-3410-01

Red Hat Security Advisory 2023-3410-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.20.

Red Hat Security Advisory 2023-3363-01

Red Hat Security Advisory 2023-3363-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.61. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3304-01

Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2023-3287-01

Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3356-01

Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:3309: Red Hat Security Advisory: OpenShift Container Platform 4.11.42 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...

RHSA-2023:3287: Red Hat Security Advisory: OpenShift Container Platform 4.12.19 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.19 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...

Red Hat Security Advisory 2023-3326-01

Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-3297-01

Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:3297: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.4 security fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.7.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbo...

Red Hat Security Advisory 2023-3280-01

Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3263-01

Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

RHSA-2023:3280: Red Hat Security Advisory: rh-git227-git security update

An update for rh-git227-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This security flaw ...

RHSA-2023:3263: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when ...

Red Hat Security Advisory 2023-3245-01

Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3247-01

Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3246-01

Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3243-01

Red Hat Security Advisory 2023-3243-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3248-01

Red Hat Security Advisory 2023-3248-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

RHSA-2023:3247: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...

RHSA-2023:3248: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...

Ubuntu Security Notice USN-6050-2

Ubuntu Security Notice 6050-2 - USN-6050-1 fixed several vulnerabilities in Git. This update provides the corresponding updates for CVE-2023-25652 and CVE-2023-29007 on Ubuntu 16.04 LTS. It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite paths.

RHSA-2023:3192: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in ...

Ubuntu Security Notice USN-6050-1

Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allow the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to perform arbitrary configuration injection.

CVE-2023-29007: Arbitrary configuration injection via `git submodule deinit`

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.

CVE-2023-25815: Release Git for Windows 2.40.1 · git-for-windows/git

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It do...

CVE-2023-25652: Git 2.30.9 · git/git@668f2d5

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.
