Issued:: 2024-06-25
Updated:: 2024-06-25

RHSA-2024:4084 - Security Advisory

Overview
Updated Packages

Synopsis

Important: git security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for git is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

git: Recursive clones RCE (CVE-2024-32002)
git: RCE while cloning local repos (CVE-2024-32004)
git: additional local RCE (CVE-2024-32465)
git: insecure hardlinks (CVE-2024-32020)
git: symlink bypass (CVE-2024-32021)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 2280421 - CVE-2024-32002 git: Recursive clones RCE
BZ - 2280428 - CVE-2024-32004 git: RCE while cloning local repos
BZ - 2280446 - CVE-2024-32465 git: additional local RCE
BZ - 2280466 - CVE-2024-32020 git: insecure hardlinks
BZ - 2280484 - CVE-2024-32021 git: symlink bypass

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
git-2.43.5-1.el8_10.src.rpm	SHA-256: 394010de74eb28415fda1cfdd44f27ca365d7ebb2fb6e183d3fa95b8e36efc35
x86_64
git-2.43.5-1.el8_10.x86_64.rpm	SHA-256: 790d88e719568543468ea5787baeb7a29929d3c089343388b3e8a8f297cb74d2
git-all-2.43.5-1.el8_10.noarch.rpm	SHA-256: e103456a5c725b64da9b4ae7f2cfe73dc853ecf5d73a4d27cd886ce1e9d0e804
git-core-2.43.5-1.el8_10.x86_64.rpm	SHA-256: 2cd53240da88b94667e6bb9f02ed3da009a5eee614bfdde6a5d8d17c9e52242c
git-core-debuginfo-2.43.5-1.el8_10.x86_64.rpm	SHA-256: d037bf0343ed95cdea1b84ce99c20ad552e528e46adbed045b7ae2367c9f45a2
git-core-doc-2.43.5-1.el8_10.noarch.rpm	SHA-256: 8964c428be1e4d29bcdb7dab21928fdae8e9dec175d16aad5261f65fa221c95a
git-credential-libsecret-2.43.5-1.el8_10.x86_64.rpm	SHA-256: 48bbbce5c4e178eaa42027e0b4b19f6618e8533f90258fc8b4ec65ad7b0c3a01
git-credential-libsecret-debuginfo-2.43.5-1.el8_10.x86_64.rpm	SHA-256: cd3464be47cfdcbb598774cbac0072ff7ed0d3be21ff404768426c93e8b7894e
git-daemon-2.43.5-1.el8_10.x86_64.rpm	SHA-256: 6a67e47f561834720335ce4812a2dcd8683d4639f5abeac748c6f7397e0a9b3d
git-daemon-debuginfo-2.43.5-1.el8_10.x86_64.rpm	SHA-256: 3c2af217f89ad04331ae883170e12ca00c792736ac413d0281ec82aafa80b848
git-debuginfo-2.43.5-1.el8_10.x86_64.rpm	SHA-256: 9e1654ce08a945df895bbfb27d09f8b863e41a6250745454a0aa2851e5028a21
git-debugsource-2.43.5-1.el8_10.x86_64.rpm	SHA-256: 23be61d99b5063136b0ad2e5307202b568f189b5a43c0f6ed0796aa7e33fcbdf
git-email-2.43.5-1.el8_10.noarch.rpm	SHA-256: f37c95261274846572b59bd9f0552b260dea23f966695d4749c34195629b1ef7
git-gui-2.43.5-1.el8_10.noarch.rpm	SHA-256: cfb2f65601d9be57880a4a3fff47b0a6e0cc1b959801d674010f406142259d2c
git-instaweb-2.43.5-1.el8_10.noarch.rpm	SHA-256: 837e2be214cfb344a616e439aa3c036000d2eb804fe20a32030d412d179e9ce5
git-subtree-2.43.5-1.el8_10.x86_64.rpm	SHA-256: d1a9873ecb19340189ca83d4b6d32ea327ff60eaf64293a4a7afcfad3097a01e
git-svn-2.43.5-1.el8_10.noarch.rpm	SHA-256: ce8f0156eb1d3767b974c2afc04b9b37006bf050cbf9f34f14acdc850d938e38
gitk-2.43.5-1.el8_10.noarch.rpm	SHA-256: 41d1532c66f75ed2b58693525d93c487b6543946efb6dd12edf3c3edd5732495
gitweb-2.43.5-1.el8_10.noarch.rpm	SHA-256: a3c05f51170426826cd17c667a85b68be7e87f832608c8194cb5bfdcfe691183
perl-Git-2.43.5-1.el8_10.noarch.rpm	SHA-256: 084a4cf8531b3c09aeab819bb8c27e500e65520ce09308abd801c556eb8ebe77
perl-Git-SVN-2.43.5-1.el8_10.noarch.rpm	SHA-256: 4f5a9a2ca05104bee30318f7ed400522b378ab339ae747d34a26543e84934b84

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
git-2.43.5-1.el8_10.src.rpm	SHA-256: 394010de74eb28415fda1cfdd44f27ca365d7ebb2fb6e183d3fa95b8e36efc35
s390x
git-2.43.5-1.el8_10.s390x.rpm	SHA-256: 56863db85a988e8c9eab788aac98634d836d857ec868eda1b5bd542161c2114e
git-all-2.43.5-1.el8_10.noarch.rpm	SHA-256: e103456a5c725b64da9b4ae7f2cfe73dc853ecf5d73a4d27cd886ce1e9d0e804
git-core-2.43.5-1.el8_10.s390x.rpm	SHA-256: 60c55ca50fc517951bcbd465bc9f032c82675621a240888fcf7070f57d07aea1
git-core-debuginfo-2.43.5-1.el8_10.s390x.rpm	SHA-256: 3d94d988cdd678c2e973e7be2459be82bb2dbe8b7db193ae13d5c4a472d03ab1
git-core-doc-2.43.5-1.el8_10.noarch.rpm	SHA-256: 8964c428be1e4d29bcdb7dab21928fdae8e9dec175d16aad5261f65fa221c95a
git-credential-libsecret-2.43.5-1.el8_10.s390x.rpm	SHA-256: 8537fa4694845de94e8e9087a890f0529221a79f21290f7eaf847170b6efe44f
git-credential-libsecret-debuginfo-2.43.5-1.el8_10.s390x.rpm	SHA-256: 93f50ba0c1a2cc4886c8929723b5ff9d0bfb4d3bb4671cc167f6e9bc547bd541
git-daemon-2.43.5-1.el8_10.s390x.rpm	SHA-256: 74c224def547c825d34687ec530f954110eef606d963e5ccca749284e23c79eb
git-daemon-debuginfo-2.43.5-1.el8_10.s390x.rpm	SHA-256: 3e089c29862afa11a10c30f560660dbd572b308368b9caa6daead57f1bacf86f
git-debuginfo-2.43.5-1.el8_10.s390x.rpm	SHA-256: 056921cb8a1a92efdd2a85c2d42cfda272fa6b6a6778bff57536c9693bd7749b
git-debugsource-2.43.5-1.el8_10.s390x.rpm	SHA-256: 2411332b3e15c99bb63b45209777d98b5aef0743f697b30e64c101eb207f10a8
git-email-2.43.5-1.el8_10.noarch.rpm	SHA-256: f37c95261274846572b59bd9f0552b260dea23f966695d4749c34195629b1ef7
git-gui-2.43.5-1.el8_10.noarch.rpm	SHA-256: cfb2f65601d9be57880a4a3fff47b0a6e0cc1b959801d674010f406142259d2c
git-instaweb-2.43.5-1.el8_10.noarch.rpm	SHA-256: 837e2be214cfb344a616e439aa3c036000d2eb804fe20a32030d412d179e9ce5
git-subtree-2.43.5-1.el8_10.s390x.rpm	SHA-256: a0dd9dd6aee1408a88929f013b9f919695bd05790a0a5df30e5c28e5b2920f2c
git-svn-2.43.5-1.el8_10.noarch.rpm	SHA-256: ce8f0156eb1d3767b974c2afc04b9b37006bf050cbf9f34f14acdc850d938e38
gitk-2.43.5-1.el8_10.noarch.rpm	SHA-256: 41d1532c66f75ed2b58693525d93c487b6543946efb6dd12edf3c3edd5732495
gitweb-2.43.5-1.el8_10.noarch.rpm	SHA-256: a3c05f51170426826cd17c667a85b68be7e87f832608c8194cb5bfdcfe691183
perl-Git-2.43.5-1.el8_10.noarch.rpm	SHA-256: 084a4cf8531b3c09aeab819bb8c27e500e65520ce09308abd801c556eb8ebe77
perl-Git-SVN-2.43.5-1.el8_10.noarch.rpm	SHA-256: 4f5a9a2ca05104bee30318f7ed400522b378ab339ae747d34a26543e84934b84

Red Hat Enterprise Linux for Power, little endian 8

SRPM
git-2.43.5-1.el8_10.src.rpm	SHA-256: 394010de74eb28415fda1cfdd44f27ca365d7ebb2fb6e183d3fa95b8e36efc35
ppc64le
git-2.43.5-1.el8_10.ppc64le.rpm	SHA-256: 7123fd7c567cd41eaa6193cd3b8490496f2172751edd9835f13bc56e16b6347f
git-all-2.43.5-1.el8_10.noarch.rpm	SHA-256: e103456a5c725b64da9b4ae7f2cfe73dc853ecf5d73a4d27cd886ce1e9d0e804
git-core-2.43.5-1.el8_10.ppc64le.rpm	SHA-256: 0c597e3624e62883c18386bc0b85bba384551e5f136c4144448f4bc0ced0533f
git-core-debuginfo-2.43.5-1.el8_10.ppc64le.rpm	SHA-256: 87ae140349d8386df65028a025f35f7eff9dfdcb0bc42c8513d92528c96b200a
git-core-doc-2.43.5-1.el8_10.noarch.rpm	SHA-256: 8964c428be1e4d29bcdb7dab21928fdae8e9dec175d16aad5261f65fa221c95a
git-credential-libsecret-2.43.5-1.el8_10.ppc64le.rpm	SHA-256: 82852056e20ec26063d2c676e9f2f3f8fd0b766a584cefd9f61ea624ff0f8ab8
git-credential-libsecret-debuginfo-2.43.5-1.el8_10.ppc64le.rpm	SHA-256: 18738be18ed0f57644a385814fcf6a4fb057372f0ed0e2c137787902f1884355
git-daemon-2.43.5-1.el8_10.ppc64le.rpm	SHA-256: e0d6d1a3cdf38739cbc5f9a6863ebe208ef1c9ef8c23ffc0af18edd2c77c2730
git-daemon-debuginfo-2.43.5-1.el8_10.ppc64le.rpm	SHA-256: 13a42fbbe67564639aef826ae7db4f19a329a6ef0aef804074ace4aab299033c
git-debuginfo-2.43.5-1.el8_10.ppc64le.rpm	SHA-256: 82066da90e4458c4ca6f0853f281576bebba638be36ee9e7279e75925f08510b
git-debugsource-2.43.5-1.el8_10.ppc64le.rpm	SHA-256: 9281b18719f8f897377113003f259d3e11f2ba984bade22d46f51f2b5cc60ed2
git-email-2.43.5-1.el8_10.noarch.rpm	SHA-256: f37c95261274846572b59bd9f0552b260dea23f966695d4749c34195629b1ef7
git-gui-2.43.5-1.el8_10.noarch.rpm	SHA-256: cfb2f65601d9be57880a4a3fff47b0a6e0cc1b959801d674010f406142259d2c
git-instaweb-2.43.5-1.el8_10.noarch.rpm	SHA-256: 837e2be214cfb344a616e439aa3c036000d2eb804fe20a32030d412d179e9ce5
git-subtree-2.43.5-1.el8_10.ppc64le.rpm	SHA-256: 84c31d1e53827294f8eb9d2cd0decd4dc494cc6583e42f5092408d902176c85d
git-svn-2.43.5-1.el8_10.noarch.rpm	SHA-256: ce8f0156eb1d3767b974c2afc04b9b37006bf050cbf9f34f14acdc850d938e38
gitk-2.43.5-1.el8_10.noarch.rpm	SHA-256: 41d1532c66f75ed2b58693525d93c487b6543946efb6dd12edf3c3edd5732495
gitweb-2.43.5-1.el8_10.noarch.rpm	SHA-256: a3c05f51170426826cd17c667a85b68be7e87f832608c8194cb5bfdcfe691183
perl-Git-2.43.5-1.el8_10.noarch.rpm	SHA-256: 084a4cf8531b3c09aeab819bb8c27e500e65520ce09308abd801c556eb8ebe77
perl-Git-SVN-2.43.5-1.el8_10.noarch.rpm	SHA-256: 4f5a9a2ca05104bee30318f7ed400522b378ab339ae747d34a26543e84934b84

Red Hat Enterprise Linux for ARM 64 8

SRPM
git-2.43.5-1.el8_10.src.rpm	SHA-256: 394010de74eb28415fda1cfdd44f27ca365d7ebb2fb6e183d3fa95b8e36efc35
aarch64
git-2.43.5-1.el8_10.aarch64.rpm	SHA-256: 59aefe972d9d9eec228546d90f97bf8c9b81f42ccd6435ceacb0aef9f27afa06
git-all-2.43.5-1.el8_10.noarch.rpm	SHA-256: e103456a5c725b64da9b4ae7f2cfe73dc853ecf5d73a4d27cd886ce1e9d0e804
git-core-2.43.5-1.el8_10.aarch64.rpm	SHA-256: cecd2f9e935074c44424b4f926805b6d4e9a789a999b782b8ed215f390cc0f0b
git-core-debuginfo-2.43.5-1.el8_10.aarch64.rpm	SHA-256: f93c1e98d8054a4a1b2f00944ed3b794bdb5071c98e6c8758cb152bbd8cd5d7a
git-core-doc-2.43.5-1.el8_10.noarch.rpm	SHA-256: 8964c428be1e4d29bcdb7dab21928fdae8e9dec175d16aad5261f65fa221c95a
git-credential-libsecret-2.43.5-1.el8_10.aarch64.rpm	SHA-256: 7aefd19623edea3879693af867fc0d9223bc253486764274568540d2fa4cf6f5
git-credential-libsecret-debuginfo-2.43.5-1.el8_10.aarch64.rpm	SHA-256: 44841080c6b6697a4dab2d98f79429f0185f302f548c44c4874176ef1d93c690
git-daemon-2.43.5-1.el8_10.aarch64.rpm	SHA-256: b96007b254bc72e579d80f20a61bdda72301ae15e17dc52492910e694e5eca52
git-daemon-debuginfo-2.43.5-1.el8_10.aarch64.rpm	SHA-256: 51c06c5c4967329a59679eced7a1d4d65367d9dfa36e728ed59dabb882627df5
git-debuginfo-2.43.5-1.el8_10.aarch64.rpm	SHA-256: b9077cc438b84e136b231e6fdb23151e9bda2c6e1d0c820d1299a7b048a43cc5
git-debugsource-2.43.5-1.el8_10.aarch64.rpm	SHA-256: 5d820a1b63e12e969eb2c8ac473ea6a62b22059adfccedb58424d967aec09afd
git-email-2.43.5-1.el8_10.noarch.rpm	SHA-256: f37c95261274846572b59bd9f0552b260dea23f966695d4749c34195629b1ef7
git-gui-2.43.5-1.el8_10.noarch.rpm	SHA-256: cfb2f65601d9be57880a4a3fff47b0a6e0cc1b959801d674010f406142259d2c
git-instaweb-2.43.5-1.el8_10.noarch.rpm	SHA-256: 837e2be214cfb344a616e439aa3c036000d2eb804fe20a32030d412d179e9ce5
git-subtree-2.43.5-1.el8_10.aarch64.rpm	SHA-256: 7604b03bb0dafe97ce730ae61caa9105c6f358966e484f931b53c11b8e4d4f3b
git-svn-2.43.5-1.el8_10.noarch.rpm	SHA-256: ce8f0156eb1d3767b974c2afc04b9b37006bf050cbf9f34f14acdc850d938e38
gitk-2.43.5-1.el8_10.noarch.rpm	SHA-256: 41d1532c66f75ed2b58693525d93c487b6543946efb6dd12edf3c3edd5732495
gitweb-2.43.5-1.el8_10.noarch.rpm	SHA-256: a3c05f51170426826cd17c667a85b68be7e87f832608c8194cb5bfdcfe691183
perl-Git-2.43.5-1.el8_10.noarch.rpm	SHA-256: 084a4cf8531b3c09aeab819bb8c27e500e65520ce09308abd801c556eb8ebe77
perl-Git-SVN-2.43.5-1.el8_10.noarch.rpm	SHA-256: 4f5a9a2ca05104bee30318f7ed400522b378ab339ae747d34a26543e84934b84

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation