Headline
RHSA-2023:3248: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.
- CVE-2023-25815: A vulnerability was found in Git. This security flaw occurs when Git is compiled with runtime prefix support and runs without translated messages: it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.
- CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.
Synopsis
Important: git security update
Type/Severity
Security Advisory: Important
Topic
An update for git is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):
- git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (CVE-2023-25652)
- git: arbitrary configuration injection when renaming or deleting a section from a configuration file (CVE-2023-29007)
- git: malicious placement of crafted messages when git was compiled with runtime prefix (CVE-2023-25815)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2188333 - CVE-2023-25652 git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents
- BZ - 2188337 - CVE-2023-25815 git: malicious placement of crafted messages when git was compiled with runtime prefix
- BZ - 2188338 - CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file
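A host-side check for this advisory, as an added example (not Red Hat's tooling): it classifies `rpm -qa`-style package strings against the fixed build git-2.31.1-5.el9_0 named in the package list. The function names, the simplified version comparison and the sample inventory are assumptions made for illustration; builds from other streams are reported as not covered, because backported fixes make cross-stream version comparisons unreliable.

```python
import re

# Fixed build named in this advisory's package list: git-2.31.1-5.el9_0.<arch>.rpm
FIXED_VERSION, FIXED_RELEASE = "2.31.1", "5.el9_0"
DIST_TAG = "el9_0"  # RHEL 9.0 EUS stream; other streams have their own advisories
ARCHES = {"x86_64", "s390x", "ppc64le", "aarch64", "noarch", "src"}
# Packages built from the git source RPM in this advisory.
PACKAGES = {
    "git", "git-all", "git-core", "git-core-doc", "git-credential-libsecret",
    "git-daemon", "git-email", "git-gui", "git-instaweb", "git-subtree",
    "git-svn", "gitk", "gitweb", "perl-Git", "perl-Git-SVN",
}


def _segments(label):
    """Split a version or release string into digit runs and letter runs."""
    return re.findall(r"[0-9]+|[A-Za-z]+", label)


def label_cmp(a, b):
    """Return -1, 0 or 1, comparing segment by segment in the style of rpm.

    Simplified (assumption): epoch, '~' and '^' are not handled; the builds
    in this advisory use none of them.
    """
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than a letter one
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the label with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_nvra(text):
    """Parse 'name-version-release[.arch][.rpm]' into (name, version, release)."""
    text = text.strip()
    if text.endswith(".rpm"):
        text = text[:-4]
    head, dot, tail = text.rpartition(".")
    if dot and tail in ARCHES:
        text = head
    parts = text.rsplit("-", 2)
    if len(parts) != 3:
        raise ValueError(f"not a name-version-release string: {text!r}")
    return tuple(parts)


def assess(nvra):
    """Classify one package string as 'patched', 'vulnerable' or 'not-covered'."""
    name, version, release = parse_nvra(nvra)
    base = re.sub(r"-(debuginfo|debugsource)$", "", name)
    # Only el9_0 builds of the advisory's packages can be judged against its fix.
    if base not in PACKAGES or DIST_TAG not in release.split("."):
        return "not-covered"
    order = label_cmp(version, FIXED_VERSION) or label_cmp(release, FIXED_RELEASE)
    return "patched" if order >= 0 else "vulnerable"


def audit(lines):
    """Map each covered package line to its status; skip everything else."""
    report = {}
    for line in lines:
        try:
            status = assess(line)
        except ValueError:
            continue
        if status != "not-covered":
            report[line] = status
    return report


# Constructed sample of `rpm -qa` output; the -3 and -4 releases are invented.
SAMPLE_INVENTORY = [
    "git-2.31.1-3.el9_0.x86_64",
    "git-core-2.31.1-5.el9_0.x86_64",
    "perl-Git-2.31.1-4.el9_0.noarch",
    "bash-5.1.8-4.el9.x86_64",
]

if __name__ == "__main__":
    for package, status in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {package}")
```
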
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
git-2.31.1-5.el9_0.src.rpm
Related news
Debian Linux Security Advisory 5769-1 - Multiple issues were found in Git, a fast, scalable, distributed revision control system, which may result in file overwrites outside the repository, arbitrary configuration injection or arbitrary code execution.
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138
Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]
Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where reques...
Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.
Red Hat OpenShift Container Platform release 4.12.20 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside...
Red Hat Security Advisory 2023-3363-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.61. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a ...
Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
An update for rh-git227-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This security flaw ...
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when ...
Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3243-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3248-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
Ubuntu Security Notice 6050-2 - USN-6050-1 fixed several vulnerabilities in Git. This update provides the corresponding updates for CVE-2023-25652 and CVE-2023-29007 on Ubuntu 16.04 LTS. It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite paths.
An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in ...
Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allow the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to perform arbitrary configuration injection.
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
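One way to carry out the inspection that the `git submodule deinit` workaround above calls for, as an added example rather than code from Git or from the advisory: it flags overlong physical lines in a config file and reports the section each one sits in. The 1000-byte threshold, the function names and the sample config are assumptions of this example.

```python
import re
import sys

# The advisory names submodule URLs "longer than 1024 characters". Flagging
# from 1000 bytes leaves a margin; that margin is this example's assumption.
THRESHOLD = 1000

# Matches a section header such as [core] or [submodule "libs/foo"].
HEADER = re.compile(rb'^\s*\[\s*([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]')


def inspect_config(data: bytes, threshold: int = THRESHOLD):
    """Return (line_number, section, length) for every overlong physical line.

    Lengths are in bytes, which is never smaller than the character count.
    """
    findings = []
    section = "(none)"
    for number, line in enumerate(data.split(b"\n"), start=1):
        line = line.rstrip(b"\r")
        if len(line) >= threshold:
            # Report the line against the last trusted section header and
            # never take a new header from an overlong line.
            findings.append((number, section, len(line)))
            continue
        match = HEADER.match(line)
        if match:
            name = match.group(1).decode("ascii").lower()
            sub = match.group(2)
            if sub is None:
                section = name
            else:
                section = f'{name} "{sub.decode("utf-8", "replace")}"'
    return findings


def needs_review(data: bytes, threshold: int = THRESHOLD) -> bool:
    """True when the config should be read by hand before removing sections."""
    return bool(inspect_config(data, threshold))


# Constructed sample config: one ordinary submodule and one whose URL line is
# padded with filler characters past the threshold.
SAMPLE = (
    b"[core]\n\tbare = false\n"
    b'[submodule "docs"]\n\turl = https://example.invalid/docs.git\n'
    b'[submodule "vendor/lib"]\n\turl = https://example.invalid/'
    + b"a" * 1100
    + b"\n"
)

if __name__ == "__main__":
    # Usage: python inspect_config.py path/to/.git/config
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for number, section, length in inspect_config(blob):
        print(f"line {number}: {length} bytes in section [{section}]")
    sys.exit(1 if needs_review(blob) else 0)
```

The same check can be pointed at a repository's `.gitmodules` file, since that is where the overlong URL originates.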
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It do...