RHSA-2023:3247: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-25652: A vulnerability was found in Git. When specially crafted input is fed to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.
  • CVE-2023-25815: A vulnerability was found in Git. When Git is compiled with runtime prefix support and runs without translated messages, it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.
  • CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.
Red Hat Security Data

Synopsis

Important: git security update

Type/Severity

Security Advisory: Important

Topic

An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

  • git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (CVE-2023-25652)
  • git: arbitrary configuration injection when renaming or deleting a section from a configuration file (CVE-2023-29007)
  • git: malicious placement of crafted messages when git was compiled with runtime prefix (CVE-2023-25815)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2188333 - CVE-2023-25652 git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents
  • BZ - 2188337 - CVE-2023-25815 git: malicious placement of crafted messages when git was compiled with runtime prefix
  • BZ - 2188338 - CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM

git-2.31.1-4.el8_6.src.rpm

x86_64

git-2.31.1-4.el8_6.x86_64.rpm
git-all-2.31.1-4.el8_6.noarch.rpm
git-core-2.31.1-4.el8_6.x86_64.rpm
git-core-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-core-doc-2.31.1-4.el8_6.noarch.rpm
git-credential-libsecret-2.31.1-4.el8_6.x86_64.rpm
git-credential-libsecret-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-daemon-2.31.1-4.el8_6.x86_64.rpm
git-daemon-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-debugsource-2.31.1-4.el8_6.x86_64.rpm
git-email-2.31.1-4.el8_6.noarch.rpm
git-gui-2.31.1-4.el8_6.noarch.rpm
git-instaweb-2.31.1-4.el8_6.noarch.rpm
git-subtree-2.31.1-4.el8_6.x86_64.rpm
git-svn-2.31.1-4.el8_6.noarch.rpm
gitk-2.31.1-4.el8_6.noarch.rpm
gitweb-2.31.1-4.el8_6.noarch.rpm
perl-Git-2.31.1-4.el8_6.noarch.rpm
perl-Git-SVN-2.31.1-4.el8_6.noarch.rpm

Red Hat Enterprise Linux Server - AUS 8.6

SRPM

git-2.31.1-4.el8_6.src.rpm

x86_64

git-2.31.1-4.el8_6.x86_64.rpm
git-all-2.31.1-4.el8_6.noarch.rpm
git-core-2.31.1-4.el8_6.x86_64.rpm
git-core-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-core-doc-2.31.1-4.el8_6.noarch.rpm
git-credential-libsecret-2.31.1-4.el8_6.x86_64.rpm
git-credential-libsecret-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-daemon-2.31.1-4.el8_6.x86_64.rpm
git-daemon-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-debugsource-2.31.1-4.el8_6.x86_64.rpm
git-email-2.31.1-4.el8_6.noarch.rpm
git-gui-2.31.1-4.el8_6.noarch.rpm
git-instaweb-2.31.1-4.el8_6.noarch.rpm
git-subtree-2.31.1-4.el8_6.x86_64.rpm
git-svn-2.31.1-4.el8_6.noarch.rpm
gitk-2.31.1-4.el8_6.noarch.rpm
gitweb-2.31.1-4.el8_6.noarch.rpm
perl-Git-2.31.1-4.el8_6.noarch.rpm
perl-Git-SVN-2.31.1-4.el8_6.noarch.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM

git-2.31.1-4.el8_6.src.rpm

s390x

git-2.31.1-4.el8_6.s390x.rpm
git-all-2.31.1-4.el8_6.noarch.rpm
git-core-2.31.1-4.el8_6.s390x.rpm
git-core-debuginfo-2.31.1-4.el8_6.s390x.rpm
git-core-doc-2.31.1-4.el8_6.noarch.rpm
git-credential-libsecret-2.31.1-4.el8_6.s390x.rpm
git-credential-libsecret-debuginfo-2.31.1-4.el8_6.s390x.rpm
git-daemon-2.31.1-4.el8_6.s390x.rpm
git-daemon-debuginfo-2.31.1-4.el8_6.s390x.rpm
git-debuginfo-2.31.1-4.el8_6.s390x.rpm
git-debugsource-2.31.1-4.el8_6.s390x.rpm
git-email-2.31.1-4.el8_6.noarch.rpm
git-gui-2.31.1-4.el8_6.noarch.rpm
git-instaweb-2.31.1-4.el8_6.noarch.rpm
git-subtree-2.31.1-4.el8_6.s390x.rpm
git-svn-2.31.1-4.el8_6.noarch.rpm
gitk-2.31.1-4.el8_6.noarch.rpm
gitweb-2.31.1-4.el8_6.noarch.rpm
perl-Git-2.31.1-4.el8_6.noarch.rpm
perl-Git-SVN-2.31.1-4.el8_6.noarch.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM

git-2.31.1-4.el8_6.src.rpm

ppc64le

git-2.31.1-4.el8_6.ppc64le.rpm
git-all-2.31.1-4.el8_6.noarch.rpm
git-core-2.31.1-4.el8_6.ppc64le.rpm
git-core-debuginfo-2.31.1-4.el8_6.ppc64le.rpm
git-core-doc-2.31.1-4.el8_6.noarch.rpm
git-credential-libsecret-2.31.1-4.el8_6.ppc64le.rpm
git-credential-libsecret-debuginfo-2.31.1-4.el8_6.ppc64le.rpm
git-daemon-2.31.1-4.el8_6.ppc64le.rpm
git-daemon-debuginfo-2.31.1-4.el8_6.ppc64le.rpm
git-debuginfo-2.31.1-4.el8_6.ppc64le.rpm
git-debugsource-2.31.1-4.el8_6.ppc64le.rpm
git-email-2.31.1-4.el8_6.noarch.rpm
git-gui-2.31.1-4.el8_6.noarch.rpm
git-instaweb-2.31.1-4.el8_6.noarch.rpm
git-subtree-2.31.1-4.el8_6.ppc64le.rpm
git-svn-2.31.1-4.el8_6.noarch.rpm
gitk-2.31.1-4.el8_6.noarch.rpm
gitweb-2.31.1-4.el8_6.noarch.rpm
perl-Git-2.31.1-4.el8_6.noarch.rpm
perl-Git-SVN-2.31.1-4.el8_6.noarch.rpm

Red Hat Enterprise Linux Server - TUS 8.6

SRPM

git-2.31.1-4.el8_6.src.rpm

x86_64

git-2.31.1-4.el8_6.x86_64.rpm
git-all-2.31.1-4.el8_6.noarch.rpm
git-core-2.31.1-4.el8_6.x86_64.rpm
git-core-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-core-doc-2.31.1-4.el8_6.noarch.rpm
git-credential-libsecret-2.31.1-4.el8_6.x86_64.rpm
git-credential-libsecret-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-daemon-2.31.1-4.el8_6.x86_64.rpm
git-daemon-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-debugsource-2.31.1-4.el8_6.x86_64.rpm
git-email-2.31.1-4.el8_6.noarch.rpm
git-gui-2.31.1-4.el8_6.noarch.rpm
git-instaweb-2.31.1-4.el8_6.noarch.rpm
git-subtree-2.31.1-4.el8_6.x86_64.rpm
git-svn-2.31.1-4.el8_6.noarch.rpm
gitk-2.31.1-4.el8_6.noarch.rpm
gitweb-2.31.1-4.el8_6.noarch.rpm
perl-Git-2.31.1-4.el8_6.noarch.rpm
perl-Git-SVN-2.31.1-4.el8_6.noarch.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM

git-2.31.1-4.el8_6.src.rpm

aarch64

git-2.31.1-4.el8_6.aarch64.rpm
git-all-2.31.1-4.el8_6.noarch.rpm
git-core-2.31.1-4.el8_6.aarch64.rpm
git-core-debuginfo-2.31.1-4.el8_6.aarch64.rpm
git-core-doc-2.31.1-4.el8_6.noarch.rpm
git-credential-libsecret-2.31.1-4.el8_6.aarch64.rpm
git-credential-libsecret-debuginfo-2.31.1-4.el8_6.aarch64.rpm
git-daemon-2.31.1-4.el8_6.aarch64.rpm
git-daemon-debuginfo-2.31.1-4.el8_6.aarch64.rpm
git-debuginfo-2.31.1-4.el8_6.aarch64.rpm
git-debugsource-2.31.1-4.el8_6.aarch64.rpm
git-email-2.31.1-4.el8_6.noarch.rpm
git-gui-2.31.1-4.el8_6.noarch.rpm
git-instaweb-2.31.1-4.el8_6.noarch.rpm
git-subtree-2.31.1-4.el8_6.aarch64.rpm
git-svn-2.31.1-4.el8_6.noarch.rpm
gitk-2.31.1-4.el8_6.noarch.rpm
gitweb-2.31.1-4.el8_6.noarch.rpm
perl-Git-2.31.1-4.el8_6.noarch.rpm
perl-Git-SVN-2.31.1-4.el8_6.noarch.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM

git-2.31.1-4.el8_6.src.rpm

ppc64le

git-2.31.1-4.el8_6.ppc64le.rpm
git-all-2.31.1-4.el8_6.noarch.rpm
git-core-2.31.1-4.el8_6.ppc64le.rpm
git-core-debuginfo-2.31.1-4.el8_6.ppc64le.rpm
git-core-doc-2.31.1-4.el8_6.noarch.rpm
git-credential-libsecret-2.31.1-4.el8_6.ppc64le.rpm
git-credential-libsecret-debuginfo-2.31.1-4.el8_6.ppc64le.rpm
git-daemon-2.31.1-4.el8_6.ppc64le.rpm
git-daemon-debuginfo-2.31.1-4.el8_6.ppc64le.rpm
git-debuginfo-2.31.1-4.el8_6.ppc64le.rpm
git-debugsource-2.31.1-4.el8_6.ppc64le.rpm
git-email-2.31.1-4.el8_6.noarch.rpm
git-gui-2.31.1-4.el8_6.noarch.rpm
git-instaweb-2.31.1-4.el8_6.noarch.rpm
git-subtree-2.31.1-4.el8_6.ppc64le.rpm
git-svn-2.31.1-4.el8_6.noarch.rpm
gitk-2.31.1-4.el8_6.noarch.rpm
gitweb-2.31.1-4.el8_6.noarch.rpm
perl-Git-2.31.1-4.el8_6.noarch.rpm
perl-Git-SVN-2.31.1-4.el8_6.noarch.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM

git-2.31.1-4.el8_6.src.rpm

x86_64

git-2.31.1-4.el8_6.x86_64.rpm
git-all-2.31.1-4.el8_6.noarch.rpm
git-core-2.31.1-4.el8_6.x86_64.rpm
git-core-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-core-doc-2.31.1-4.el8_6.noarch.rpm
git-credential-libsecret-2.31.1-4.el8_6.x86_64.rpm
git-credential-libsecret-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-daemon-2.31.1-4.el8_6.x86_64.rpm
git-daemon-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-debuginfo-2.31.1-4.el8_6.x86_64.rpm
git-debugsource-2.31.1-4.el8_6.x86_64.rpm
git-email-2.31.1-4.el8_6.noarch.rpm
git-gui-2.31.1-4.el8_6.noarch.rpm
git-instaweb-2.31.1-4.el8_6.noarch.rpm
git-subtree-2.31.1-4.el8_6.x86_64.rpm
git-svn-2.31.1-4.el8_6.noarch.rpm
gitk-2.31.1-4.el8_6.noarch.rpm
gitweb-2.31.1-4.el8_6.noarch.rpm
perl-Git-2.31.1-4.el8_6.noarch.rpm
perl-Git-SVN-2.31.1-4.el8_6.noarch.rpm

Related news

Gentoo Linux Security Advisory 202312-15

Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

Red Hat Security Advisory 2023-3664-01

Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.

Red Hat Security Advisory 2023-3624-01

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:3624: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.10 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A flaw was found in Golang Go, where it is vulnerable to a denial of service cause...

RHSA-2023:3495: Red Hat Security Advisory: Logging Subsystem 5.7.2 - Red Hat OpenShift security update

Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...

RHSA-2023:3363: Red Hat Security Advisory: OpenShift Container Platform 4.10.61 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...

Red Hat Security Advisory 2023-3304-01

Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2023-3287-01

Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.

RHSA-2023:3382: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...

RHSA-2023:3287: Red Hat Security Advisory: OpenShift Container Platform 4.12.19 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.19 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...

Red Hat Security Advisory 2023-3326-01

Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-3297-01

Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:3297: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.4 security fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.7.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbo...

Red Hat Security Advisory 2023-3280-01

Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

RHSA-2023:3280: Red Hat Security Advisory: rh-git227-git security update

An update for rh-git227-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This security flaw ...

RHSA-2023:3263: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-29007: A vulnerability was found in Git. This security flaw occurs when ...

Red Hat Security Advisory 2023-3245-01

Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3247-01

Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3246-01

Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3243-01

Red Hat Security Advisory 2023-3243-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3248-01

Red Hat Security Advisory 2023-3248-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

RHSA-2023:3248: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...

RHSA-2023:3243: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in Git. This ...

Ubuntu Security Notice USN-6050-2

Ubuntu Security Notice 6050-2 - USN-6050-1 fixed several vulnerabilities in Git. This update provides the corresponding updates for CVE-2023-25652 and CVE-2023-29007 on Ubuntu 16.04 LTS. It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite paths.

RHSA-2023:3192: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25652: A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. * CVE-2023-25815: A vulnerability was found in ...

Ubuntu Security Notice USN-6050-1

Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allow the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to perform arbitrary configuration injection.

CVE-2023-29007: Arbitrary configuration injection via `git submodule deinit`

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.), this can lead to remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.

CVE-2023-25815: Release Git for Windows 2.40.1 · git-for-windows/git

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It do...

CVE-2023-25652: Git 2.30.9 · git/git@668f2d5

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.
