ALSA-2025:11533

[ALSA-2025:11533] Important: git security update

Type:

security

Severity:

important

Release date:

2025-07-24

Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.  

Security Fix(es):  

  * git: Git does not sanitize URLs when asking for credentials interactively (CVE-2024-50349)
  * git: Newline confusion in credential helpers can lead to credential exfiltration in git (CVE-2024-52006)
  * git: Git arbitrary code execution (CVE-2025-48384)
  * git: Git arbitrary file writes (CVE-2025-48385)
  * gitk: Git file creation flaw (CVE-2025-27613)
  * gitk: git script execution flaw (CVE-2025-27614)
  * git: Git GUI can create and overwrite files for which the user has write permission (CVE-2025-46835)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	git-credential-libsecret-2.47.3-1.el10_0.aarch64.rpm	35f2f8ef0c8cbee0b7e471e79137d201d8905bd839ced8deb01ccedc92f191e0
aarch64	git-core-2.47.3-1.el10_0.aarch64.rpm	65ce03bb453c6892017682c3c6952e249f27710bdfed0d886a8b8dee13343bdd
aarch64	git-daemon-2.47.3-1.el10_0.aarch64.rpm	b612059af88c92336d2a0fc37aae1ca190910e0fcb4cea045215b374ba512101
aarch64	git-2.47.3-1.el10_0.aarch64.rpm	ffdee8201fa49a710da4659bf1b70b9967fa50e595c2a372ed9b787c70c055e6
noarch	git-gui-2.47.3-1.el10_0.noarch.rpm	1ddc3746ab181b75687c192d57a522284b6042b46727713358699f2ed009f147
noarch	perl-Git-SVN-2.47.3-1.el10_0.noarch.rpm	21b6dc7fbfc8c031a7a3b2b04927bbfcbdcbd090ccc316f89472284e816bda72
noarch	gitweb-2.47.3-1.el10_0.noarch.rpm	23d2b1db94ddd27d46c82479a53f3df13c755aac952eb0817e96b4a39b09dc24
noarch	gitk-2.47.3-1.el10_0.noarch.rpm	45b3df6f789bdd8577a3cda2cabfe33d9d436b67ef01025b46453d25439e4bd1
noarch	git-core-doc-2.47.3-1.el10_0.noarch.rpm	74ec60b957467d9c227b9503693515cf269aeecc5ccd030e1e02e5913c4e2949
noarch	git-email-2.47.3-1.el10_0.noarch.rpm	8c6984e7dc61795c0870984cc9f56616b5ea2e74d31d9f795df350e7465cce7f
noarch	git-instaweb-2.47.3-1.el10_0.noarch.rpm	9336710adff149893d5fb11465f959a725fb9a2d4c88e9911f579a3ebad5c4ce
noarch	perl-Git-2.47.3-1.el10_0.noarch.rpm	934646f94c5315391d63ca73fefc0531bff234037a9006f559229915493a9f09
noarch	git-all-2.47.3-1.el10_0.noarch.rpm	d18356a77f1c0ea93db48cc41c978d11b621759efb33568d42448ef856940306
noarch	git-svn-2.47.3-1.el10_0.noarch.rpm	d3c0fcf8f98a83aab5ebed395f26b8fedc8742621c9a9c058c90921514c627bb
noarch	git-subtree-2.47.3-1.el10_0.noarch.rpm	d5cc2602c6b1745bb0817accb8a6f3adf42cd1df35802ccd94f74176f2a92bc4
ppc64le	git-daemon-2.47.3-1.el10_0.ppc64le.rpm	643818aaa3e9d369b432ea05c683a6fd98f535e1a6a4b9c347e6e385054a2e66
ppc64le	git-2.47.3-1.el10_0.ppc64le.rpm	77e87d57c947f3676cf03c1a90554685aa3ab5f34df17738c2949270cd61f3ce
ppc64le	git-core-2.47.3-1.el10_0.ppc64le.rpm	b87b7fc9a6347c04854d8827b85313f5127fca4ffe320f867fcf9430d9b1f9b3
ppc64le	git-credential-libsecret-2.47.3-1.el10_0.ppc64le.rpm	c801ab26db89847824083dda2dbe61f25fae746bd5441f8ddbb5cc451bdbfa22
s390x	git-2.47.3-1.el10_0.s390x.rpm	25a8675a7b1e932b91a0f1fd7e1cec08fa91123b9231ac243eb80af22e3189af
s390x	git-daemon-2.47.3-1.el10_0.s390x.rpm	33b75717843f3b332b91ff04f53e319190f9f3b021ffa16f04aa44482906a7ac
s390x	git-credential-libsecret-2.47.3-1.el10_0.s390x.rpm	639843c695033be1e4f84ecf3d38352cb688c30e8daa49518c9de6a1dde4c090
s390x	git-core-2.47.3-1.el10_0.s390x.rpm	e6566803d682eff6c04ee860c11286c2ae7862daf44b8e2d1fe5f8075a0c103e
x86_64	git-core-2.47.3-1.el10_0.x86_64.rpm	2ec1c57a924d8f9643d2f7019b1d9d6dde1564a56b77ac0f4ca71fa339c3e117
x86_64	git-2.47.3-1.el10_0.x86_64.rpm	66f34cecea6779102fd1def8deba03bb486df5a0e42c657e0e92ee841ebe59fb
x86_64	git-credential-libsecret-2.47.3-1.el10_0.x86_64.rpm	7f52e650acf947db2ca53a214bb0f933c3fe83746c4bb7fd739e3a8804031c44
x86_64	git-daemon-2.47.3-1.el10_0.x86_64.rpm	cb4be1c7829d00459cba9b7e79e0263e1af30535d6322cd113b03f91483fadd1
x86_64_v2	git-daemon-2.47.3-1.el10_0.x86_64_v2.rpm	53a1b2b43d3a5f342f7afd69393c5543587ea12e9d208de673f316babde74f20
x86_64_v2	git-2.47.3-1.el10_0.x86_64_v2.rpm	be3360cfafbe8899efe5121b660421c3f6f62d5658c0a99e4a5bb0f430bfa660
x86_64_v2	git-core-2.47.3-1.el10_0.x86_64_v2.rpm	d39f90d1f07abe1b04067332c7edc9f43316ef084afdd605dbadc50e5558f978
x86_64_v2	git-credential-libsecret-2.47.3-1.el10_0.x86_64_v2.rpm	f820d4df6b2915129acecc82ea49e63ca648e5e1b8cffb9701b848ea507026f8

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.