AlmaLinux 2324 Published by

A git security update has been released for AlmaLinux 8.



ALSA-2023:3246 Important: git security update


Type:
security

Severity:
important

Release date:
2023-05-23

Description
Security Fix(es):
* git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (CVE-2023-25652)
* git: arbitrary configuration injection when renaming or deleting a section from a configuration file (CVE-2023-29007)
* git: data exfiltration with maliciously crafted repository (CVE-2023-22490)
* git: git apply: a path outside the working tree can be overwritten with crafted input (CVE-2023-23946)
* git: malicious placement of crafted messages when git was compiled with runtime prefix (CVE-2023-25815)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
RHSA-2023:3246
CVE-2023-22490
CVE-2023-23946
CVE-2023-25652
CVE-2023-25815
CVE-2023-29007
ALSA-2023:3246

Updates packages:
gitk-2.39.3-1.el8_8.noarch.rpm
perl-Git-SVN-2.39.3-1.el8_8.noarch.rpm
git-all-2.39.3-1.el8_8.noarch.rpm
git-gui-2.39.3-1.el8_8.noarch.rpm
git-instaweb-2.39.3-1.el8_8.noarch.rpm
gitweb-2.39.3-1.el8_8.noarch.rpm
git-svn-2.39.3-1.el8_8.noarch.rpm
git-core-doc-2.39.3-1.el8_8.noarch.rpm
perl-Git-2.39.3-1.el8_8.noarch.rpm
git-email-2.39.3-1.el8_8.noarch.rpm
git-credential-libsecret-2.39.3-1.el8_8.aarch64.rpm
git-daemon-2.39.3-1.el8_8.aarch64.rpm
git-2.39.3-1.el8_8.aarch64.rpm
git-core-2.39.3-1.el8_8.aarch64.rpm
git-subtree-2.39.3-1.el8_8.aarch64.rpm
git-2.39.3-1.el8_8.x86_64.rpm
git-daemon-2.39.3-1.el8_8.x86_64.rpm
git-credential-libsecret-2.39.3-1.el8_8.x86_64.rpm
git-core-2.39.3-1.el8_8.x86_64.rpm
git-subtree-2.39.3-1.el8_8.x86_64.rpm
git-subtree-2.39.3-1.el8_8.s390x.rpm
git-credential-libsecret-2.39.3-1.el8_8.s390x.rpm
git-daemon-2.39.3-1.el8_8.s390x.rpm
git-2.39.3-1.el8_8.s390x.rpm
git-core-2.39.3-1.el8_8.s390x.rpm
git-credential-libsecret-2.39.3-1.el8_8.ppc64le.rpm
git-core-2.39.3-1.el8_8.ppc64le.rpm
git-2.39.3-1.el8_8.ppc64le.rpm
git-daemon-2.39.3-1.el8_8.ppc64le.rpm
git-subtree-2.39.3-1.el8_8.ppc64le.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:3246 Important: git security update