ALSA-2023:2859

[ALSA-2023:2859] Moderate: git security and bug fix update

Type:

security

Severity:

moderate

Release date:

2023-05-19

Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765)
* git: Bypass of safe.directory protections (CVE-2022-29187)
* git: exposure of sensitive information to a malicious actor (CVE-2022-39253)
* git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	git-core-2.39.1-1.el8.aarch64.rpm	5f509d18616304d67e38ac2e29c7b5940463bc890c8ddc40a9e7cd251d22820b
aarch64	git-2.39.1-1.el8.aarch64.rpm	60c79ec3602f702e8e1e87c47193cb0b352baa89f56a009632dac702f1b17f20
aarch64	git-daemon-2.39.1-1.el8.aarch64.rpm	8187d3b44b8cda05f23b62f92e6041752559e96bec49a4e3d052fe7b3bf4388f
aarch64	git-credential-libsecret-2.39.1-1.el8.aarch64.rpm	8f103542b507463c0f1dbfc3bfc9f38de8b65825fd9b687857123399a5a265d4
aarch64	git-subtree-2.39.1-1.el8.aarch64.rpm	ecd90cdfd2055c51bf750c8ab20d66a3080c303d719d03da4a9ba0447af32687
noarch	git-all-2.39.1-1.el8.noarch.rpm	0566d844b70187e67b84ed07d08378a5637759a9c34839f0848a3422cac23f6f
noarch	git-gui-2.39.1-1.el8.noarch.rpm	69c8e0b8e4c26db67c90c3884fbfc39e290198b6511cf642b00427dbd9e72e84
noarch	perl-Git-SVN-2.39.1-1.el8.noarch.rpm	6b3177aa4fca6b13cb78855a4d958ff6df911100c2421689e7fc602e5fc2c821
noarch	git-svn-2.39.1-1.el8.noarch.rpm	76dd50cf343aaf3b52c26c5da4e1176b46976c6b506458d88cf13f386191a293
noarch	gitk-2.39.1-1.el8.noarch.rpm	772fdaec4cc20b1a4c71fbeacb932182b2294c60a21dda9657675f38c3c7a3cd
noarch	perl-Git-2.39.1-1.el8.noarch.rpm	a85464031c331bccff03880eb1d19c0bcad79b56dc6ede2cd32efd5f15ac727f
noarch	git-email-2.39.1-1.el8.noarch.rpm	b169344fd503a8a9ca084959b273c8046e7a36cd74362c183da8373371913a9a
noarch	git-instaweb-2.39.1-1.el8.noarch.rpm	b874ac4248abcbb071d5b7ad45a6c7851b8d9eaa9523564ecc3a589a3e7b2f1d
noarch	git-core-doc-2.39.1-1.el8.noarch.rpm	ea61ed98b2b091f0e817b66c4ad1e1a9a4a0389dc9a5872cb41ce1b9fd7b20ed
noarch	gitweb-2.39.1-1.el8.noarch.rpm	eeecd9c121a954a4b53a963e8212d6e60b24370905af1f7bfe149301af1210ff
ppc64le	git-core-2.39.1-1.el8.ppc64le.rpm	5d8ed44ee31176871f6aadad1f166fa4a6e736c2c1114e175dfab07caa2fd841
ppc64le	git-subtree-2.39.1-1.el8.ppc64le.rpm	5f45a5b4d782978db68ee41c2f6b3231596824187cb7a296713bf86b0a159a92
ppc64le	git-credential-libsecret-2.39.1-1.el8.ppc64le.rpm	afbe8a702f6e51aa90d64ce91be8e9483bb54d4dc9ca884ffa6a288c386bb550
ppc64le	git-daemon-2.39.1-1.el8.ppc64le.rpm	e8e093362e9f261c312f02febf53e03e35bd94a3f1aba0359d7206f447af1b2d
ppc64le	git-2.39.1-1.el8.ppc64le.rpm	f566231d782bbf148606f2ab087ca9cb82421fdbbef5b6c4ca16a6d2451a339f
s390x	git-credential-libsecret-2.39.1-1.el8.s390x.rpm	3b6dbb5c18941c690dc3fad7b660d8dda0c0a2ae2eb30cb12e23d5caf99541b5
s390x	git-2.39.1-1.el8.s390x.rpm	5bea0fbec7b1d1f99abfa8e865af40fed625eb20ef693fc11213553a4651f5d2
s390x	git-core-2.39.1-1.el8.s390x.rpm	8e111595ca7efd0fcf24cab52552d625ebb38a20f4958ba50f44c1876cb9d520
s390x	git-daemon-2.39.1-1.el8.s390x.rpm	9cef5c79bedcfe9fb837d9993728d7f0d7f5c90f3f61aba4d57b2ba582b9226b
s390x	git-subtree-2.39.1-1.el8.s390x.rpm	e761720f1567f3c354becc3fcc565ae47dd7040387881a4db0795920e8d73e0f
x86_64	git-2.39.1-1.el8.x86_64.rpm	650fef375f0fe0c73866c88202d5671ddf2d9a79afa277c1566f8d50c5321507
x86_64	git-credential-libsecret-2.39.1-1.el8.x86_64.rpm	779151c8a6403ac7c8724889a3a16db9faae996485ae7019f1f5c4c33007f0e0
x86_64	git-core-2.39.1-1.el8.x86_64.rpm	797feed9edb170d9aa60e8af4b57572e91fd013aca68644d1297c554581d98d3
x86_64	git-subtree-2.39.1-1.el8.x86_64.rpm	d8404f2b89e7005ae64d5a45cd84cf94db6a141d9b5dfc4c9a8832423c47e7a2
x86_64	git-daemon-2.39.1-1.el8.x86_64.rpm	dd12d02a626d0c676a78adc47520a3665a462221245eab19a1d5b9b94fab6588

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.