Issued:: 2023-05-31
Updated:: 2023-05-31

RHSA-2023:3382 - Security Advisory

Overview
Updated Packages

Synopsis

Important: git security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (CVE-2023-25652)
git: arbitrary configuration injection when renaming or deleting a section from a configuration file (CVE-2023-29007)
git: malicious placement of crafted messages when git was compiled with runtime prefix (CVE-2023-25815)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2188333 - CVE-2023-25652 git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents
BZ - 2188337 - CVE-2023-25815 git: malicious placement of crafted messages when git was compiled with runtime prefix
BZ - 2188338 - CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
git-2.18.4-4.el8_2.src.rpm	SHA-256: 239f08ec8d0ca608c5c2adfc7bb186f60bb79a8498d99dbeaadccd0ed2732c0c
x86_64
git-2.18.4-4.el8_2.x86_64.rpm	SHA-256: 0e037799bb6c22fb53f953b72c8d24ae7082ffb2efb01761c2811de839a16ff6
git-all-2.18.4-4.el8_2.noarch.rpm	SHA-256: 329e652d5ef46dbd6a01adcdbe7aa42643a2ce1009f0b6d1b4f0298212f243f2
git-core-2.18.4-4.el8_2.x86_64.rpm	SHA-256: 4dd428568a2cb548df7a40e51723e51ff230bbeca9db6f6d11f5082a3005b600
git-core-debuginfo-2.18.4-4.el8_2.x86_64.rpm	SHA-256: 95160d49cdd842391d4990fb4db0a22626fc02238c6b4f219e05834db573d11f
git-core-doc-2.18.4-4.el8_2.noarch.rpm	SHA-256: e4e0ae3b7bf87c245a3e0adb852c4ebc1e3b86bd930c1beaaf869fd8bb050164
git-daemon-2.18.4-4.el8_2.x86_64.rpm	SHA-256: 9f61429a067c4ee15066c825f3518d4f33ba291967f93ccece141926cab17786
git-daemon-debuginfo-2.18.4-4.el8_2.x86_64.rpm	SHA-256: 7faadb6b00c5829d14c59f68acc2893c9c8526445777da876f40b3818d7df0b9
git-debuginfo-2.18.4-4.el8_2.x86_64.rpm	SHA-256: c1f6a665548ed9751b094ba77320f403497f2c41e9fc024d6e5adc2283db41cb
git-debugsource-2.18.4-4.el8_2.x86_64.rpm	SHA-256: 688283d7c0ccad2137d90e06d9eaa852b6e89b53bf22eca9a09c15c8e715f79b
git-email-2.18.4-4.el8_2.noarch.rpm	SHA-256: 40edbd57df5cc173fa8f652873dab4f956d3f83c93340eec3d267c360950b41e
git-gui-2.18.4-4.el8_2.noarch.rpm	SHA-256: 5d4fd4f595b0359a247e585f1a4b3f2c61b8872f0374a05fd1fca137c696c762
git-instaweb-2.18.4-4.el8_2.x86_64.rpm	SHA-256: 59ebd93e3b19404e42fc49cd4dc97efb138992b32f2aba25d407b8db0abc7d7b
git-subtree-2.18.4-4.el8_2.x86_64.rpm	SHA-256: b0f85f7bc4dd2330b12f516aea5c3b3073a326b59f1eff5b4da98868ec07d7ed
git-svn-2.18.4-4.el8_2.x86_64.rpm	SHA-256: 78265d35c4b559bf3054d78a3d8506f776ff68b7a3dad20f005f13bec3324d66
git-svn-debuginfo-2.18.4-4.el8_2.x86_64.rpm	SHA-256: 7a1619d7273e2997b467d798d57288dfc873ad04cb28d618080f12c34aa3d622
gitk-2.18.4-4.el8_2.noarch.rpm	SHA-256: ee17c6f4b4e40d70629c86ac87ea66ad72aa98b687a2946fd01bee8eb1967381
gitweb-2.18.4-4.el8_2.noarch.rpm	SHA-256: 8cd7394cbcdab1d79ee4a92249ce97e01b14821540316ad0b79043bbbe34a097
perl-Git-2.18.4-4.el8_2.noarch.rpm	SHA-256: 7606e4ce00f30ff77759c51c4266c507430de31a557da061dad74b9a0c6a4d9d
perl-Git-SVN-2.18.4-4.el8_2.noarch.rpm	SHA-256: 47cb91028c74faa2b78abd1ce0654a9bcf12878d281e2bc8a03f3c6b3ad775c8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation