Headline
RHSA-2023:0978: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted
.gitattributesfile that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index, or both. This integer overflow can result in arbitrary heap reads and writes, which may allow remote code execution. - CVE-2022-41903: A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in
pretty.c::format_and_pad_commit(), where asize_tis stored improperly as anint, and then added as an offset to amemcpy(). This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g.,git log --format=...). It may also be triggered indirectly through the git archive via the export-subst mechanism, which expands format specifiers inside files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may allow arbitrary code execution.
Synopsis
Important: git security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for git is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):
- git: gitattributes parsing integer overflow (CVE-2022-23521)
- git: Heap overflow in `git archive`, `git log --format` leading to RCE (CVE-2022-41903)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2162055 - CVE-2022-23521 git: gitattributes parsing integer overflow
- BZ - 2162056 - CVE-2022-41903 git: Heap overflow in `git archive`, `git log --format` leading to RCE
Red Hat Enterprise Linux Server 7
SRPM
git-1.8.3.1-24.el7_9.src.rpm
SHA-256: 61a4221c2801bdfad8cd72759c7d0f02d919bc11b0a5df30d6f425d8b8bbd9d6
x86_64
emacs-git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b1e63aac474c0b555c252db2807d9b71ef333dd4c931dde931da34f71ba67063
emacs-git-el-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: dc8fa3944e0bb13f66e1d2c9083b8c7971675500c34f28632e89d17cfeeb491e
git-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: f3fe734ad3218f6b692ab6f857feecd79887f7898f6f7b3c820b13f15beec63c
git-all-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: c0098b65f5e9f92570d98e115687119a8398cb3003b3d9a401d85e50d9f1c777
git-bzr-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 17cd68a18f1d7f32624e6c25c81c495b7f14f66650d8525d970700599af56e13
git-cvs-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5b95e4015ea165c487e43e7b954149a40c54ca7737009168d2b59e4e2e398a82
git-daemon-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 8db9e73312b0de548fdba6ce3ab5028188239769eebe1dea27c9adb158551378
git-debuginfo-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 6ffee093461956389781427bbe59673dff51b9e0ae6ee4c347a62d98cd5457b8
git-debuginfo-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 6ffee093461956389781427bbe59673dff51b9e0ae6ee4c347a62d98cd5457b8
git-email-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: ba15ce467eb364a965db065672e516763ae717442e5953e64012bdf3591322aa
git-gnome-keyring-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 9356f0144669576bec43c9a6b2a19eaef13528753be194a249b1bcac396e6bc2
git-gui-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 123a9c062bcf29ea1372cd721e3c0af02f588c37da4c17ae8d9d13ec86b3b17e
git-hg-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b9123fb326871d2926633408e2bba8a6d4389c9fa73b3fed8edd98f47e8e2483
git-instaweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5814c0d41ab6b499ba39da494aceda010f402576b600d2a886e17ecb4f0335b3
git-p4-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 7797210cadc55b26eb38dff7ab75b83a1e36e139de659e607fc9824767b1c6b6
git-svn-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: d8cb439acd1b1000c7207371bdc743dd3cc3158553900521ff5cdddfe76696a9
gitk-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 37835f9de2c7526671361bcf3d9a66ee9f99fea4a12122a3daf2c65a0921e414
gitweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 834a140c0f54292556b9c735e2516d8fa209481c4010dd6d49b7643ec856232c
perl-Git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 289e44caf5202786c377c245f52deffa75cd1abe83e302211c9bcf7405667de0
perl-Git-SVN-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 1438630d89118ae3b2fdd3349d07a69ab1cea3b240cbd60bf11c0f8607791139
Red Hat Enterprise Linux Workstation 7
SRPM
git-1.8.3.1-24.el7_9.src.rpm
SHA-256: 61a4221c2801bdfad8cd72759c7d0f02d919bc11b0a5df30d6f425d8b8bbd9d6
x86_64
emacs-git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b1e63aac474c0b555c252db2807d9b71ef333dd4c931dde931da34f71ba67063
emacs-git-el-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: dc8fa3944e0bb13f66e1d2c9083b8c7971675500c34f28632e89d17cfeeb491e
git-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: f3fe734ad3218f6b692ab6f857feecd79887f7898f6f7b3c820b13f15beec63c
git-all-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: c0098b65f5e9f92570d98e115687119a8398cb3003b3d9a401d85e50d9f1c777
git-bzr-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 17cd68a18f1d7f32624e6c25c81c495b7f14f66650d8525d970700599af56e13
git-cvs-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5b95e4015ea165c487e43e7b954149a40c54ca7737009168d2b59e4e2e398a82
git-daemon-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 8db9e73312b0de548fdba6ce3ab5028188239769eebe1dea27c9adb158551378
git-debuginfo-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 6ffee093461956389781427bbe59673dff51b9e0ae6ee4c347a62d98cd5457b8
git-debuginfo-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 6ffee093461956389781427bbe59673dff51b9e0ae6ee4c347a62d98cd5457b8
git-email-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: ba15ce467eb364a965db065672e516763ae717442e5953e64012bdf3591322aa
git-gnome-keyring-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 9356f0144669576bec43c9a6b2a19eaef13528753be194a249b1bcac396e6bc2
git-gui-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 123a9c062bcf29ea1372cd721e3c0af02f588c37da4c17ae8d9d13ec86b3b17e
git-hg-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b9123fb326871d2926633408e2bba8a6d4389c9fa73b3fed8edd98f47e8e2483
git-instaweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5814c0d41ab6b499ba39da494aceda010f402576b600d2a886e17ecb4f0335b3
git-p4-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 7797210cadc55b26eb38dff7ab75b83a1e36e139de659e607fc9824767b1c6b6
git-svn-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: d8cb439acd1b1000c7207371bdc743dd3cc3158553900521ff5cdddfe76696a9
gitk-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 37835f9de2c7526671361bcf3d9a66ee9f99fea4a12122a3daf2c65a0921e414
gitweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 834a140c0f54292556b9c735e2516d8fa209481c4010dd6d49b7643ec856232c
perl-Git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 289e44caf5202786c377c245f52deffa75cd1abe83e302211c9bcf7405667de0
perl-Git-SVN-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 1438630d89118ae3b2fdd3349d07a69ab1cea3b240cbd60bf11c0f8607791139
Red Hat Enterprise Linux Desktop 7
SRPM
git-1.8.3.1-24.el7_9.src.rpm
SHA-256: 61a4221c2801bdfad8cd72759c7d0f02d919bc11b0a5df30d6f425d8b8bbd9d6
x86_64
emacs-git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b1e63aac474c0b555c252db2807d9b71ef333dd4c931dde931da34f71ba67063
emacs-git-el-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: dc8fa3944e0bb13f66e1d2c9083b8c7971675500c34f28632e89d17cfeeb491e
git-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: f3fe734ad3218f6b692ab6f857feecd79887f7898f6f7b3c820b13f15beec63c
git-all-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: c0098b65f5e9f92570d98e115687119a8398cb3003b3d9a401d85e50d9f1c777
git-bzr-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 17cd68a18f1d7f32624e6c25c81c495b7f14f66650d8525d970700599af56e13
git-cvs-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5b95e4015ea165c487e43e7b954149a40c54ca7737009168d2b59e4e2e398a82
git-daemon-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 8db9e73312b0de548fdba6ce3ab5028188239769eebe1dea27c9adb158551378
git-debuginfo-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 6ffee093461956389781427bbe59673dff51b9e0ae6ee4c347a62d98cd5457b8
git-email-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: ba15ce467eb364a965db065672e516763ae717442e5953e64012bdf3591322aa
git-gnome-keyring-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 9356f0144669576bec43c9a6b2a19eaef13528753be194a249b1bcac396e6bc2
git-gui-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 123a9c062bcf29ea1372cd721e3c0af02f588c37da4c17ae8d9d13ec86b3b17e
git-hg-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b9123fb326871d2926633408e2bba8a6d4389c9fa73b3fed8edd98f47e8e2483
git-instaweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5814c0d41ab6b499ba39da494aceda010f402576b600d2a886e17ecb4f0335b3
git-p4-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 7797210cadc55b26eb38dff7ab75b83a1e36e139de659e607fc9824767b1c6b6
git-svn-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: d8cb439acd1b1000c7207371bdc743dd3cc3158553900521ff5cdddfe76696a9
gitk-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 37835f9de2c7526671361bcf3d9a66ee9f99fea4a12122a3daf2c65a0921e414
gitweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 834a140c0f54292556b9c735e2516d8fa209481c4010dd6d49b7643ec856232c
perl-Git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 289e44caf5202786c377c245f52deffa75cd1abe83e302211c9bcf7405667de0
perl-Git-SVN-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 1438630d89118ae3b2fdd3349d07a69ab1cea3b240cbd60bf11c0f8607791139
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
git-1.8.3.1-24.el7_9.src.rpm
SHA-256: 61a4221c2801bdfad8cd72759c7d0f02d919bc11b0a5df30d6f425d8b8bbd9d6
s390x
emacs-git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b1e63aac474c0b555c252db2807d9b71ef333dd4c931dde931da34f71ba67063
emacs-git-el-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: dc8fa3944e0bb13f66e1d2c9083b8c7971675500c34f28632e89d17cfeeb491e
git-1.8.3.1-24.el7_9.s390x.rpm
SHA-256: 016da3abc460641d08528540c3283fc6641e3b60b60ebba9227028dbd2a6a951
git-all-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: c0098b65f5e9f92570d98e115687119a8398cb3003b3d9a401d85e50d9f1c777
git-bzr-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 17cd68a18f1d7f32624e6c25c81c495b7f14f66650d8525d970700599af56e13
git-cvs-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5b95e4015ea165c487e43e7b954149a40c54ca7737009168d2b59e4e2e398a82
git-daemon-1.8.3.1-24.el7_9.s390x.rpm
SHA-256: 0322e0ee93219301d4018be175968d54153876a3c957208a4c44ca44dadb0535
git-debuginfo-1.8.3.1-24.el7_9.s390x.rpm
SHA-256: f65eac3a1e25029a22b3cc59fea257dfbf242a191fa793d84b8792354c4ca1d6
git-debuginfo-1.8.3.1-24.el7_9.s390x.rpm
SHA-256: f65eac3a1e25029a22b3cc59fea257dfbf242a191fa793d84b8792354c4ca1d6
git-email-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: ba15ce467eb364a965db065672e516763ae717442e5953e64012bdf3591322aa
git-gnome-keyring-1.8.3.1-24.el7_9.s390x.rpm
SHA-256: 4aed744e606c9b7c59d86ddf2a7c59074bfbc63d33c854058fe0bf740eb77cae
git-gui-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 123a9c062bcf29ea1372cd721e3c0af02f588c37da4c17ae8d9d13ec86b3b17e
git-hg-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b9123fb326871d2926633408e2bba8a6d4389c9fa73b3fed8edd98f47e8e2483
git-instaweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5814c0d41ab6b499ba39da494aceda010f402576b600d2a886e17ecb4f0335b3
git-p4-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 7797210cadc55b26eb38dff7ab75b83a1e36e139de659e607fc9824767b1c6b6
git-svn-1.8.3.1-24.el7_9.s390x.rpm
SHA-256: 468217a32821c01488bc9c0d6a75d9ea8063e2114bb6d6a20a9ccf3d2e85129b
gitk-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 37835f9de2c7526671361bcf3d9a66ee9f99fea4a12122a3daf2c65a0921e414
gitweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 834a140c0f54292556b9c735e2516d8fa209481c4010dd6d49b7643ec856232c
perl-Git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 289e44caf5202786c377c245f52deffa75cd1abe83e302211c9bcf7405667de0
perl-Git-SVN-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 1438630d89118ae3b2fdd3349d07a69ab1cea3b240cbd60bf11c0f8607791139
Red Hat Enterprise Linux for Power, big endian 7
SRPM
git-1.8.3.1-24.el7_9.src.rpm
SHA-256: 61a4221c2801bdfad8cd72759c7d0f02d919bc11b0a5df30d6f425d8b8bbd9d6
ppc64
emacs-git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b1e63aac474c0b555c252db2807d9b71ef333dd4c931dde931da34f71ba67063
emacs-git-el-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: dc8fa3944e0bb13f66e1d2c9083b8c7971675500c34f28632e89d17cfeeb491e
git-1.8.3.1-24.el7_9.ppc64.rpm
SHA-256: 40bf8ce8db125796ee5d3155720ffcd194efaf5a3cf18572e0a6bcac90d38064
git-all-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: c0098b65f5e9f92570d98e115687119a8398cb3003b3d9a401d85e50d9f1c777
git-bzr-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 17cd68a18f1d7f32624e6c25c81c495b7f14f66650d8525d970700599af56e13
git-cvs-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5b95e4015ea165c487e43e7b954149a40c54ca7737009168d2b59e4e2e398a82
git-daemon-1.8.3.1-24.el7_9.ppc64.rpm
SHA-256: 228c5df6e6ec143d63d7b4eb75e9d3b5e0ecce418b789d441093c14920128f7e
git-debuginfo-1.8.3.1-24.el7_9.ppc64.rpm
SHA-256: fa79c3770384fb118780e318f28c3bcc534790a0cba83e70ea48c46d24ae2cf0
git-debuginfo-1.8.3.1-24.el7_9.ppc64.rpm
SHA-256: fa79c3770384fb118780e318f28c3bcc534790a0cba83e70ea48c46d24ae2cf0
git-email-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: ba15ce467eb364a965db065672e516763ae717442e5953e64012bdf3591322aa
git-gnome-keyring-1.8.3.1-24.el7_9.ppc64.rpm
SHA-256: 701e2c262df6270351b22047ab0ae132eb35c6f2b6596c6c3e54e29cfa0e31cf
git-gui-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 123a9c062bcf29ea1372cd721e3c0af02f588c37da4c17ae8d9d13ec86b3b17e
git-hg-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b9123fb326871d2926633408e2bba8a6d4389c9fa73b3fed8edd98f47e8e2483
git-instaweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5814c0d41ab6b499ba39da494aceda010f402576b600d2a886e17ecb4f0335b3
git-p4-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 7797210cadc55b26eb38dff7ab75b83a1e36e139de659e607fc9824767b1c6b6
git-svn-1.8.3.1-24.el7_9.ppc64.rpm
SHA-256: 208abb06b46cb14875f3c98f70f25177ef54875a04d66043a1e5af200c0d8a39
gitk-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 37835f9de2c7526671361bcf3d9a66ee9f99fea4a12122a3daf2c65a0921e414
gitweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 834a140c0f54292556b9c735e2516d8fa209481c4010dd6d49b7643ec856232c
perl-Git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 289e44caf5202786c377c245f52deffa75cd1abe83e302211c9bcf7405667de0
perl-Git-SVN-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 1438630d89118ae3b2fdd3349d07a69ab1cea3b240cbd60bf11c0f8607791139
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
git-1.8.3.1-24.el7_9.src.rpm
SHA-256: 61a4221c2801bdfad8cd72759c7d0f02d919bc11b0a5df30d6f425d8b8bbd9d6
x86_64
emacs-git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b1e63aac474c0b555c252db2807d9b71ef333dd4c931dde931da34f71ba67063
emacs-git-el-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: dc8fa3944e0bb13f66e1d2c9083b8c7971675500c34f28632e89d17cfeeb491e
git-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: f3fe734ad3218f6b692ab6f857feecd79887f7898f6f7b3c820b13f15beec63c
git-all-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: c0098b65f5e9f92570d98e115687119a8398cb3003b3d9a401d85e50d9f1c777
git-bzr-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 17cd68a18f1d7f32624e6c25c81c495b7f14f66650d8525d970700599af56e13
git-cvs-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5b95e4015ea165c487e43e7b954149a40c54ca7737009168d2b59e4e2e398a82
git-daemon-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 8db9e73312b0de548fdba6ce3ab5028188239769eebe1dea27c9adb158551378
git-debuginfo-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 6ffee093461956389781427bbe59673dff51b9e0ae6ee4c347a62d98cd5457b8
git-email-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: ba15ce467eb364a965db065672e516763ae717442e5953e64012bdf3591322aa
git-gnome-keyring-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: 9356f0144669576bec43c9a6b2a19eaef13528753be194a249b1bcac396e6bc2
git-gui-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 123a9c062bcf29ea1372cd721e3c0af02f588c37da4c17ae8d9d13ec86b3b17e
git-hg-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b9123fb326871d2926633408e2bba8a6d4389c9fa73b3fed8edd98f47e8e2483
git-instaweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5814c0d41ab6b499ba39da494aceda010f402576b600d2a886e17ecb4f0335b3
git-p4-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 7797210cadc55b26eb38dff7ab75b83a1e36e139de659e607fc9824767b1c6b6
git-svn-1.8.3.1-24.el7_9.x86_64.rpm
SHA-256: d8cb439acd1b1000c7207371bdc743dd3cc3158553900521ff5cdddfe76696a9
gitk-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 37835f9de2c7526671361bcf3d9a66ee9f99fea4a12122a3daf2c65a0921e414
gitweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 834a140c0f54292556b9c735e2516d8fa209481c4010dd6d49b7643ec856232c
perl-Git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 289e44caf5202786c377c245f52deffa75cd1abe83e302211c9bcf7405667de0
perl-Git-SVN-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 1438630d89118ae3b2fdd3349d07a69ab1cea3b240cbd60bf11c0f8607791139
Red Hat Enterprise Linux for Power, little endian 7
SRPM
git-1.8.3.1-24.el7_9.src.rpm
SHA-256: 61a4221c2801bdfad8cd72759c7d0f02d919bc11b0a5df30d6f425d8b8bbd9d6
ppc64le
emacs-git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b1e63aac474c0b555c252db2807d9b71ef333dd4c931dde931da34f71ba67063
emacs-git-el-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: dc8fa3944e0bb13f66e1d2c9083b8c7971675500c34f28632e89d17cfeeb491e
git-1.8.3.1-24.el7_9.ppc64le.rpm
SHA-256: ce07d3c047dc8c36212718d536c79733a5d7c071cc86499cec0bc55bcc41b1d4
git-all-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: c0098b65f5e9f92570d98e115687119a8398cb3003b3d9a401d85e50d9f1c777
git-bzr-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 17cd68a18f1d7f32624e6c25c81c495b7f14f66650d8525d970700599af56e13
git-cvs-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5b95e4015ea165c487e43e7b954149a40c54ca7737009168d2b59e4e2e398a82
git-daemon-1.8.3.1-24.el7_9.ppc64le.rpm
SHA-256: 65ebce355a6b3d1cb36b216d677a6b65c0281ebbc8044402a0f51aad68815ea3
git-debuginfo-1.8.3.1-24.el7_9.ppc64le.rpm
SHA-256: 37864bdaf4a90081973ca40a63678992d2f03c7439163746ab803bfb227acb7f
git-debuginfo-1.8.3.1-24.el7_9.ppc64le.rpm
SHA-256: 37864bdaf4a90081973ca40a63678992d2f03c7439163746ab803bfb227acb7f
git-email-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: ba15ce467eb364a965db065672e516763ae717442e5953e64012bdf3591322aa
git-gnome-keyring-1.8.3.1-24.el7_9.ppc64le.rpm
SHA-256: ba0b88a1a46c60e56f1d25c5aff9312e8147284a0064d02a6a15938c72bf37f3
git-gui-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 123a9c062bcf29ea1372cd721e3c0af02f588c37da4c17ae8d9d13ec86b3b17e
git-hg-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: b9123fb326871d2926633408e2bba8a6d4389c9fa73b3fed8edd98f47e8e2483
git-instaweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 5814c0d41ab6b499ba39da494aceda010f402576b600d2a886e17ecb4f0335b3
git-p4-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 7797210cadc55b26eb38dff7ab75b83a1e36e139de659e607fc9824767b1c6b6
git-svn-1.8.3.1-24.el7_9.ppc64le.rpm
SHA-256: bcd17ac7387d15a10b6cb54488742d7764080d1c5d9df67a3a160ae9715c9942
gitk-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 37835f9de2c7526671361bcf3d9a66ee9f99fea4a12122a3daf2c65a0921e414
gitweb-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 834a140c0f54292556b9c735e2516d8fa209481c4010dd6d49b7643ec856232c
perl-Git-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 289e44caf5202786c377c245f52deffa75cd1abe83e302211c9bcf7405667de0
perl-Git-SVN-1.8.3.1-24.el7_9.noarch.rpm
SHA-256: 1438630d89118ae3b2fdd3349d07a69ab1cea3b240cbd60bf11c0f8607791139
Related news
Atlassian has released updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems. The list of the flaws is below - CVE-2023-22505 (CVSS score: 8.0) - RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 8.3.2 and
Red Hat Security Advisory 2023-1677-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow and integer overflow vulnerabilities.
Ubuntu Security Notice 5810-4 - USN-5810-1 fixed several vulnerabilities in Git. This update provides the corresponding update for Ubuntu 14.04 ESM. Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
Red Hat Security Advisory 2023-0778-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.56.
Red Hat Security Advisory 2023-0778-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.56.
Red Hat Security Advisory 2023-0769-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Red Hat Security Advisory 2023-0769-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
An update is now available for the Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30123: A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim's terminal. * CVE-2022-41717: A flaw was f...
An update is now available for the Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30123: A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim's terminal. * CVE-2022-41717: A flaw was f...
Red Hat Security Advisory 2023-0596-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0596-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0609-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0609-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0610-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0610-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0611-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0611-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there i...
An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there i...
The maintainers of the Git source code version control system have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution. The flaws, tracked as CVE-2022-23521 and CVE-2022-41903, impacts the following versions of Git: v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0.
The maintainers of the Git source code version control system have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution. The flaws, tracked as CVE-2022-23521 and CVE-2022-41903, impacts the following versions of Git: v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0.
Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to u...
Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched i...