ALSA-2023:2319

[ALSA-2023:2319] Moderate: git security and bug fix update

Type:

security

Severity:

moderate

Release date:

2023-05-12

Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765)
* git: Bypass of safe.directory protections (CVE-2022-29187)
* git: exposure of sensitive information to a malicious actor (CVE-2022-39253)
* git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	git-core-2.39.1-1.el9.aarch64.rpm	27363223e4f4ea8c44d7c5bc0a963cd832b7e0b193353c3a2e8ed6e00eaf831a
aarch64	git-credential-libsecret-2.39.1-1.el9.aarch64.rpm	4be7ba8393518553f546418b635d801ce72871291c01dd80efa0d6c17ad28d99
aarch64	git-2.39.1-1.el9.aarch64.rpm	75828a07f8198e0749d6bb4d3051984543804890be8e31d738414d41c4fa5858
aarch64	git-daemon-2.39.1-1.el9.aarch64.rpm	b5d7919e040e6704484afe29497f21283a0cfc0b4cfd5b948d0c96bd80737462
aarch64	git-subtree-2.39.1-1.el9.aarch64.rpm	cef6f973485c3ee64c4523fd976578bfaf3db9817a1b08673c75abb38a1c4d44
noarch	git-email-2.39.1-1.el9.noarch.rpm	06c5197bbb46f5f456332cf8ec8e64c088e7d9c7bd7fbd3f5be6febe4c10e3d3
noarch	git-all-2.39.1-1.el9.noarch.rpm	0ceda64a7e43f550ddd1e929e2be7bf62c433494b764bff188f0cc82621b6d40
noarch	git-core-doc-2.39.1-1.el9.noarch.rpm	18987b26a87ea025b06738f7228b549aae2c7a10d66faff4920937e1f1662fda
noarch	git-svn-2.39.1-1.el9.noarch.rpm	49ca591b4eb101559af0ad38343e245c13e7c5d76535ee67ad95ba62c86a94c7
noarch	gitweb-2.39.1-1.el9.noarch.rpm	4a3b1fcdd8bc561e13182eafa34e996725d960ecdf82ca4f67dedab9ca86f0ed
noarch	git-gui-2.39.1-1.el9.noarch.rpm	61a3868b23dde63f4bf4e29a1e50ffe5913b89a1090b7240e908e62a71622a74
noarch	git-instaweb-2.39.1-1.el9.noarch.rpm	64cf2a3ea318e2e438b6ed0dfc2bce43b86c4ed2e9a76660adfdc3f50efed40a
noarch	perl-Git-SVN-2.39.1-1.el9.noarch.rpm	83f3a7c296f27edd51f53ee53cbe2c9a2eda0f60668f8b9d5457c2ca6431be7f
noarch	perl-Git-2.39.1-1.el9.noarch.rpm	aae2f2a7bc2a33e01ac61a8f0ecab7b9cd1000e72c40f882c69e84df1803b144
noarch	gitk-2.39.1-1.el9.noarch.rpm	cb1e0cb42193227d09ed0a15c9124493df822c8ed8aad5ee6c09965bc71287a6
ppc64le	git-credential-libsecret-2.39.1-1.el9.ppc64le.rpm	0c66252879ed5e6273969cc32495205993786e90cb843932357b25847f89a75f
ppc64le	git-2.39.1-1.el9.ppc64le.rpm	25dd5f3215e0ffde05d2330bf72394ef70954d28d54a167ba40dcf4b1f5af7de
ppc64le	git-daemon-2.39.1-1.el9.ppc64le.rpm	a33752bb0b01228c239b8bc93124268e01ee7d915dde2230582b12c78d9d629a
ppc64le	git-core-2.39.1-1.el9.ppc64le.rpm	ba65d0fdac89f21df1f576185ca265f78e7b7721e84c4c94ccba58b0271ce769
ppc64le	git-subtree-2.39.1-1.el9.ppc64le.rpm	c214f59c52862b63be2b2a71bfd1bb8ef954b0a8078337da995fb833205d9110
s390x	git-daemon-2.39.1-1.el9.s390x.rpm	27dd6585389f4cbfb2ae20dc7bc94eb6824c0be9de7b584d951df7f605f4d038
s390x	git-core-2.39.1-1.el9.s390x.rpm	31b0a37f347cd27e051972ed7b2c4ae74033efadde428c2191dbe79be690a2c9
s390x	git-2.39.1-1.el9.s390x.rpm	98c532dc9ae127fa57eca3295c5e4d82db57b7285644ce9d16553412375b2784
s390x	git-subtree-2.39.1-1.el9.s390x.rpm	b5b47fae3427679176274d9d9711b4d7f506a4acef715f041b611c04be4dc95e
s390x	git-credential-libsecret-2.39.1-1.el9.s390x.rpm	f7ff1a64abea940a8bc80ae46a1caecf95b38f060735957f4d3a82ebbb6940de
x86_64	git-daemon-2.39.1-1.el9.x86_64.rpm	56372fd6ea200b809b1d511bbda1655ac70b59a5f27de44c44a9b1f2c89b7378
x86_64	git-core-2.39.1-1.el9.x86_64.rpm	63dcd68c23e1e37c71cca5e88bedd9ac3e2340691c6ba19fcc7f85949ca391a1
x86_64	git-2.39.1-1.el9.x86_64.rpm	755d55a3303e83733332fdec32bb85729cdfb0fe7d66894903ea0e8bbe8e4f2d
x86_64	git-subtree-2.39.1-1.el9.x86_64.rpm	b7e148727ea05edc96981dc6438a469bd80ddd12b16d6bb68ada2e9dd5cd9f0d
x86_64	git-credential-libsecret-2.39.1-1.el9.x86_64.rpm	d80d4f81b32a1a30e8bb683373178cdcbb0a38763c20dcde71197d9262ea051c

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.