Headline
RHSA-2023:3247: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.
- CVE-2023-25815: A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.
- CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.
Synopsis
Important: git security update
Type/Severity
Security Advisory: Important
Topic
An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):
- git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (CVE-2023-25652)
- git: arbitrary configuration injection when renaming or deleting a section from a configuration file (CVE-2023-29007)
- git: malicious placement of crafted messages when git was compiled with runtime prefix (CVE-2023-25815)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2188333 - CVE-2023-25652 git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents
- BZ - 2188337 - CVE-2023-25815 git: malicious placement of crafted messages when git was compiled with runtime prefix
- BZ - 2188338 - CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file
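One way to check an 8.6 host's package inventory against the fixed build this advisory ships, git-2.31.1-4.el8_6 (an added example, not part of the Red Hat advisory). It assumes input produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`; the sample lines are constructed, the function names are hypothetical, and the comparison is a simplified re-implementation of RPM's version ordering that ignores epochs and the caret operator.

```python
import re

# Fixed build named in this advisory: git-2.31.1-4.el8_6
FIXED_VERSION, FIXED_RELEASE = "2.31.1", "4.el8_6"
STREAM_TAG = "el8_6"  # this advisory only covers the RHEL 8.6 update streams

# Binary packages this advisory lists (debuginfo/debugsource left out).
GIT_PACKAGES = {
    "git", "git-all", "git-core", "git-core-doc", "git-credential-libsecret",
    "git-daemon", "git-email", "git-gui", "git-instaweb", "git-subtree",
    "git-svn", "gitk", "gitweb", "perl-Git", "perl-Git-SVN",
}

# RPM splits a version string into runs of digits or letters; any other
# character is only a separator. "~" is kept because it sorts before anything.
_TOKEN = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 as a is older than, equal to or newer than b."""
    ta, tb = _TOKEN.findall(a), _TOKEN.findall(b)
    for i in range(max(len(ta), len(tb))):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if x == "~" or y == "~":
            if x == y:
                continue
            return -1 if x == "~" else 1  # tilde loses even to end of string
        if x is None:
            return -1  # a ran out first, so a is older
        if y is None:
            return 1
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1  # a numeric segment beats an alphabetic one
        if x_num:
            x, y = int(x), int(y)  # numeric compare, so 9 < 31
        if x != y:
            return 1 if x > y else -1
    return 0


def compare_to_fixed(version, release):
    """Compare version-release with the fixed build (epoch assumed equal)."""
    c = rpmvercmp(version, FIXED_VERSION)
    return c if c != 0 else rpmvercmp(release, FIXED_RELEASE)


def audit(lines):
    """Map each installed git package to 'fixed', 'outdated' or 'other-stream'."""
    report = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 3 or fields[0] not in GIT_PACKAGES:
            continue
        name, version, release = fields
        if STREAM_TAG not in release:
            # Built for another minor release: a different advisory decides
            # whether that build is fixed, so do not judge it here.
            report[name] = "other-stream"
        elif compare_to_fixed(version, release) >= 0:
            report[name] = "fixed"
        else:
            report[name] = "outdated"
    return report


# Constructed sample inventory (not taken from a real system).
SAMPLE = [
    "git 2.31.1 3.el8_6",
    "git-core 2.31.1 4.el8_6",
    "perl-Git 2.31.1 4.el8_6.1",
    "gitweb 2.27.0 1.el8",
    "bash 4.4.20 4.el8_6",
]

if __name__ == "__main__":
    for pkg, status in sorted(audit(SAMPLE).items()):
        print(f"{pkg:10} {status}")
```

All git subpackages come from one source RPM, so a host that reports mixed states across them was only partially updated.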
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
git-2.31.1-4.el8_6.src.rpm
Related news
Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.
Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A flaw was found in Golang Go, where it is vulnerable to a denial of service cause...
Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...
Red Hat OpenShift Container Platform release 4.10.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
Red Hat OpenShift Container Platform release 4.12.19 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Advanced Cluster Management for Kubernetes 2.7.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbo...
Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
An update for rh-git227-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This security flaw ...
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when ...
Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3243-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3248-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
An update for git is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...
Ubuntu Security Notice 6050-2 - USN-6050-1 fixed several vulnerabilities in Git. This update provides the corresponding updates for CVE-2023-25652 and CVE-2023-29007 on Ubuntu 16.04 LTS. It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite paths.
An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in ...
Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allow the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to perform arbitrary configuration injection.
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.), this can lead to remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It do...
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.