ALSA-2023:3245

[ALSA-2023:3245] Important: git security update

Type:

security

Severity:

important

Release date:

2023-05-23

Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (CVE-2023-25652)
* git: arbitrary configuration injection when renaming or deleting a section from a configuration file (CVE-2023-29007)
* git: data exfiltration with maliciously crafted repository (CVE-2023-22490)
* git: git apply: a path outside the working tree can be overwritten with crafted input (CVE-2023-23946)
* git: malicious placement of crafted messages when git was compiled with runtime prefix (CVE-2023-25815)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	git-credential-libsecret-2.39.3-1.el9_2.aarch64.rpm	343df3ccc74d1f3f07fb6c0d07e8b2e03a5abe877c36e46d863fd5101efa3cfe
aarch64	git-core-2.39.3-1.el9_2.aarch64.rpm	545a7c97f5a6ad1cb26d8295c75bfa5baae89517733c9aec977845e90f3db8d2
aarch64	git-daemon-2.39.3-1.el9_2.aarch64.rpm	646683026e6862c573d127a9c76b41a31aaa288e217ac1bd023931ad8218a16b
aarch64	git-2.39.3-1.el9_2.aarch64.rpm	84261c8cbc876f9722518cea2f02090ec08fde4d7321c291ee11862803a8dbff
aarch64	git-subtree-2.39.3-1.el9_2.aarch64.rpm	d5d7d308cf3d38a79a49117bb0664607b9a7d9234d02671ef0fa2a6305357bab
noarch	gitk-2.39.3-1.el9_2.noarch.rpm	04a2388d3e9ffb30522f40ace6f0a951d5a7c576dc9eb97225a20e1aa4e04bba
noarch	git-svn-2.39.3-1.el9_2.noarch.rpm	0636562f42e814d92392db782ba76cfe9c1390d452d16d989a351a09a0d63b33
noarch	git-core-doc-2.39.3-1.el9_2.noarch.rpm	163f5c8d6e84b4be3f209c33183e0a11de041adfc4b3b14a5d57bcbe0a4999b4
noarch	git-all-2.39.3-1.el9_2.noarch.rpm	3e1dbc5f1874088b71b915fae08f416a113b12439c096cdeb0725da8e8bb5bf3
noarch	git-instaweb-2.39.3-1.el9_2.noarch.rpm	905ff58172d1fd914ae9bfa839b21d0fa622ace54e5d9318e007f48605bdfc0f
noarch	gitweb-2.39.3-1.el9_2.noarch.rpm	a4131b18978fa1c3ae539342fb16889a1189fd4f66e1210dafec949a3808fbb8
noarch	git-email-2.39.3-1.el9_2.noarch.rpm	b2adac3046b74cb33b1ff0fd2dde28421f58088c9d0d35d861ea0785a61dacd5
noarch	perl-Git-2.39.3-1.el9_2.noarch.rpm	bfebb49bf3fb5a4fd336c3447944475c29edc7a16f24ff3b781909cb83d0d952
noarch	perl-Git-SVN-2.39.3-1.el9_2.noarch.rpm	c72e222bbb014814f18e10de524d317e82589fa7e6680080cd21ae03036ee5d4
noarch	git-gui-2.39.3-1.el9_2.noarch.rpm	d329b8f22f182b3b06ee32639fb3345bef1d82435f89e58c5c35a90a2a239a1c
ppc64le	git-2.39.3-1.el9_2.ppc64le.rpm	334eab05dfde2189ef9e21918ff4be92d236822a486306b3dc537030b5ec055e
ppc64le	git-subtree-2.39.3-1.el9_2.ppc64le.rpm	7823d0cf25fef48b97bf7702649e4920529e7ed83882248ecc0b02f603bdd8ba
ppc64le	git-daemon-2.39.3-1.el9_2.ppc64le.rpm	8ed8c0a420f788f675c3d1413cafd158d68685118c8cef6e62f6e6d7fb5d8aa0
ppc64le	git-core-2.39.3-1.el9_2.ppc64le.rpm	afe7c7fbef169a961bd091b22ca9f0c8e0dc7bdf8c909c1e0568c7c00202368f
ppc64le	git-credential-libsecret-2.39.3-1.el9_2.ppc64le.rpm	baf64ab59bdbbf43d8a5787e0d05d5683e1b65a2d0bb4c95f5bc9243a1e83e15
s390x	git-credential-libsecret-2.39.3-1.el9_2.s390x.rpm	0d3c4ab16742c0d8f04e6f37a1fbe14678c3c7231406d67fb4ba1b314799dc05
s390x	git-core-2.39.3-1.el9_2.s390x.rpm	58ceed640a77626df7cf0286077913ae04f5243cf7f3a7bccb258f0647126ac1
s390x	git-daemon-2.39.3-1.el9_2.s390x.rpm	865af6eadd8668af99e4fd5fcb4246873f2f63d2f94d4d646de83b4069ed9e85
s390x	git-2.39.3-1.el9_2.s390x.rpm	c3b35de509ec790d07740b07a8bc6888e4f8e571a829dff7b590aee7f1d38cfb
s390x	git-subtree-2.39.3-1.el9_2.s390x.rpm	e6ee5c94e6688aa112af70dac761668befd1c081027e0da406c6bf323894f9d2
x86_64	git-core-2.39.3-1.el9_2.x86_64.rpm	01c4926056145fa0a1dc3af10da1eb60776dedf5cdc80bccc06648f26194cf4e
x86_64	git-subtree-2.39.3-1.el9_2.x86_64.rpm	52a4d3f35ea82bc7e92023efcb12f5e14805e48a4d8132bc6f680396a8fcf7e7
x86_64	git-daemon-2.39.3-1.el9_2.x86_64.rpm	64bd9755e469a0b42f3250a6311c2059d24391280d7e25531a5eb4ba71b9cebc
x86_64	git-2.39.3-1.el9_2.x86_64.rpm	975527f621eda1a3bcb3f128b2a2cb29c017434648dbd952a783129742cb825e
x86_64	git-credential-libsecret-2.39.3-1.el9_2.x86_64.rpm	b310b40cba7cf2c9460d23d2bc4fc116d76f75ed6c1828a08b25157bf0624c91

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.