ALSA-2023:3246

[ALSA-2023:3246] Important: git security update

Type:

security

Severity:

important

Release date:

2023-05-23

Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (CVE-2023-25652)
* git: arbitrary configuration injection when renaming or deleting a section from a configuration file (CVE-2023-29007)
* git: data exfiltration with maliciously crafted repository (CVE-2023-22490)
* git: git apply: a path outside the working tree can be overwritten with crafted input (CVE-2023-23946)
* git: malicious placement of crafted messages when git was compiled with runtime prefix (CVE-2023-25815)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	git-credential-libsecret-2.39.3-1.el8_8.aarch64.rpm	00b0bd01c87f15792b9af37e691094406b74741b380555bba5c634d5d21c6979
aarch64	git-daemon-2.39.3-1.el8_8.aarch64.rpm	128903a94e3802c001ee176d7d50edccebdc732d6fbb5c87440124d7705e02cb
aarch64	git-2.39.3-1.el8_8.aarch64.rpm	a8c253f9a161125c37b44665ed65126b5d057ee878d7960b385efbe7ac489c57
aarch64	git-core-2.39.3-1.el8_8.aarch64.rpm	bc9bcac8736cb6a3b1780f527ee3fb0f0cf0825d034d56b1e7a12eb10bf3bd6c
aarch64	git-subtree-2.39.3-1.el8_8.aarch64.rpm	beae03618be1e10158c3c5e4b09ae37a6ce4d6d9935ada6021a3278155ba7fe7
noarch	gitk-2.39.3-1.el8_8.noarch.rpm	180edef96d1074818e972bb8f4206fea2201869215e0d8376470c52a6c35c48f
noarch	perl-Git-SVN-2.39.3-1.el8_8.noarch.rpm	4066d3303e606c889add98cc0d069ac420666eeb957106cda192992c1d52fe11
noarch	git-all-2.39.3-1.el8_8.noarch.rpm	41f7dbe606a206fb19443ea731f73a82ac039d08f5315e36c0a52a43c1cab2e1
noarch	git-gui-2.39.3-1.el8_8.noarch.rpm	499936e945a6ca0254faceaf95da532ed71bba81554e963fb41cb8878655152a
noarch	git-instaweb-2.39.3-1.el8_8.noarch.rpm	4af8a7cc25ec4328c3e42447d539b6769c575973cdd1f2286fa9a3c1c7221af5
noarch	gitweb-2.39.3-1.el8_8.noarch.rpm	73040e605ce09ede7112de3e8671ed4cb87542d3b9062758c711e6262f70483b
noarch	git-svn-2.39.3-1.el8_8.noarch.rpm	7f5f31c233c53c0338ec3f9eca352bdaca0cc3f6a024dd343792b86eff008c8c
noarch	git-core-doc-2.39.3-1.el8_8.noarch.rpm	afb6b79a271b4d2315aac0b3671984d453cf603bd429c2dd6397fa5ddbdee6ca
noarch	perl-Git-2.39.3-1.el8_8.noarch.rpm	affdca44c0c45a0fd113d674f673549381d5c53767bb25f572f07f274489ece2
noarch	git-email-2.39.3-1.el8_8.noarch.rpm	fc41dc697ca34c2276bb54b9db9235cb3b4d11afa37ea8f9273bc25d1b87cd49
ppc64le	git-credential-libsecret-2.39.3-1.el8_8.ppc64le.rpm	21abf3245aeeb4701c771c15b4f397b6c2d10525cbd4145a30a4cec810248f45
ppc64le	git-core-2.39.3-1.el8_8.ppc64le.rpm	4c75d51900cdbe02254d4014a4068e7827a751f721d0d3639346fd2c2daf913b
ppc64le	git-2.39.3-1.el8_8.ppc64le.rpm	80c3f91702186dcf09401d1da983fdd2eea4855a8529e011814a047b57d60f79
ppc64le	git-daemon-2.39.3-1.el8_8.ppc64le.rpm	d39de5d5d38b58ca85c5b25cca4d3e46ac184d477d3402f34e4e3f432ad643ef
ppc64le	git-subtree-2.39.3-1.el8_8.ppc64le.rpm	f2fd900d63de2f6db77958e09f4e574827ac9a2e026e2ed22eddfee29fad0733
s390x	git-subtree-2.39.3-1.el8_8.s390x.rpm	34e7a4fe381f50995c315f28c3519a8ad657b54f4744c0652519e32c20db1025
s390x	git-credential-libsecret-2.39.3-1.el8_8.s390x.rpm	37877ed3415c3933b2928cffbf4b3badf494dac70767725e7dfa06b05a25233a
s390x	git-daemon-2.39.3-1.el8_8.s390x.rpm	3828574613fd06198215ec1ce1e17560e56a94ea714acb6a7543302e4b537793
s390x	git-2.39.3-1.el8_8.s390x.rpm	5a60f5bcdd93903016b16c77ce2b3af135033bfd6191b5d66c5b90858fc8dae2
s390x	git-core-2.39.3-1.el8_8.s390x.rpm	60fc99721e3e7c5db9cca35ad5ab96b07b8fb9728170ab6a56fbeb035eff7851
x86_64	git-2.39.3-1.el8_8.x86_64.rpm	1943d753cb5084983036fc8cac1339ca7c658c50835f0de2bc372285bbfa59d4
x86_64	git-daemon-2.39.3-1.el8_8.x86_64.rpm	4e130dfdc1298f72372f67c1fcd7267f9e4fb674a6d2eb5bd5352e05bf1a095e
x86_64	git-credential-libsecret-2.39.3-1.el8_8.x86_64.rpm	97317e429333fe6d6e520addb357820477a2c5ce809e1e103f9fc0582242d1ba
x86_64	git-core-2.39.3-1.el8_8.x86_64.rpm	b72825bba1df9def0a2aca426c50c27749a7402ffc74020ab125c6471cc2dd8a
x86_64	git-subtree-2.39.3-1.el8_8.x86_64.rpm	b9c04fb2b66ca95bbbfa6ccb5efa15181677edf070c0d1c58797390a67d9b148

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.