Red Hat Product Errata RHSA-2024:6027 - Security Advisory
Issued:
2024-08-29
Updated:
2024-08-29

RHSA-2024:6027 - Security Advisory

Synopsis

Important: git security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for git is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

  • git: Recursive clones RCE (CVE-2024-32002)
  • git: RCE while cloning local repos (CVE-2024-32004)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2280421 - CVE-2024-32002 git: Recursive clones RCE
  • BZ - 2280428 - CVE-2024-32004 git: RCE while cloning local repos

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
git-2.31.8-3.el8_6.src.rpm SHA-256: 1844ec419eeab6965611655f9132b8fbf94ce1171540d53a534e5f71ef7ebf04
x86_64
git-2.31.8-3.el8_6.x86_64.rpm SHA-256: 1315729a9b780978870d1fa774aa0fc971606d364010b1cc9c45b32d2b080ced
git-all-2.31.8-3.el8_6.noarch.rpm SHA-256: ea008d4ede02fb636019710218059cb9b6691dc95e09689236445dc2eea4db72
git-core-2.31.8-3.el8_6.x86_64.rpm SHA-256: 1406550952415580044a49a2376c8043948b3e08f40daa24040401905c9ce3cd
git-core-debuginfo-2.31.8-3.el8_6.x86_64.rpm SHA-256: 64c814086cbe78737442d332eb452352c904dc86a8efee561ef24d800fc1db5a
git-core-doc-2.31.8-3.el8_6.noarch.rpm SHA-256: 03d12bb52e7f9956a37123ab49c8594cb37e4be8305feb491af5723a7979cefa
git-credential-libsecret-2.31.8-3.el8_6.x86_64.rpm SHA-256: 526d1c54728cdbfdbfe927434219eb05e56c08364ee37e2b52ccf28c497d195b
git-credential-libsecret-debuginfo-2.31.8-3.el8_6.x86_64.rpm SHA-256: 7547744b0eb380fd305b2c94620d570cdbf252ac180b89139b5ae518d9671e58
git-daemon-2.31.8-3.el8_6.x86_64.rpm SHA-256: 3128c3392461f1581f28a56bd836d986f261f9f40bc9c35526352cf81c61138a
git-daemon-debuginfo-2.31.8-3.el8_6.x86_64.rpm SHA-256: 558df2a85c7f5fab9c5acb0ca1c3ad0b683b3025e717d9079f53828bea052da6
git-debuginfo-2.31.8-3.el8_6.x86_64.rpm SHA-256: ce64b9ce0e4d034d6287ed573c82975e48d8102f0b77d96e025abd0c99d529b9
git-debugsource-2.31.8-3.el8_6.x86_64.rpm SHA-256: 73ad1e48dc487dd2d151a9086d9c6bf41b29bf072e9eddd1c6a06b442c2d5770
git-email-2.31.8-3.el8_6.noarch.rpm SHA-256: 55cac69d2aa9f2c238624917fa52592115031b434d4120c333250c6347a5acff
git-gui-2.31.8-3.el8_6.noarch.rpm SHA-256: 9c62ddfe3ccec018232727d329f49a28a452c7559d713e9d309682f4a8a3eb91
git-instaweb-2.31.8-3.el8_6.noarch.rpm SHA-256: ba898ee99b3131ea5a3a8cd727d14d5840b5f3fc77d4eeab09a3ffc52bc07b11
git-subtree-2.31.8-3.el8_6.x86_64.rpm SHA-256: 091c224b35d377e5c51b531f066419713982bf170ffa00ad7b165293706ec599
git-svn-2.31.8-3.el8_6.noarch.rpm SHA-256: 8a4340de0d4f259c693c38f0ddc5abb55d8c09f38c744319b510c9a05671af58
gitk-2.31.8-3.el8_6.noarch.rpm SHA-256: 23d7137264390651f66cc4d05bd37829946ed6cd14ba8049a5e8d910464032db
gitweb-2.31.8-3.el8_6.noarch.rpm SHA-256: 599c519c925adab497dc2153b6a21aac956e3e64ef7281a3c10b21ea095504cf
perl-Git-2.31.8-3.el8_6.noarch.rpm SHA-256: 2a112a64f84a026cf9fc6357ba011ecec5b034a0bcc6b6b3dbb7d39d1c7608da
perl-Git-SVN-2.31.8-3.el8_6.noarch.rpm SHA-256: 6f9dfb1b2a080752f52530119b63d647fd805ff6cd78df3cf05d85b689175f5d

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
git-2.31.8-3.el8_6.src.rpm SHA-256: 1844ec419eeab6965611655f9132b8fbf94ce1171540d53a534e5f71ef7ebf04
x86_64
git-2.31.8-3.el8_6.x86_64.rpm SHA-256: 1315729a9b780978870d1fa774aa0fc971606d364010b1cc9c45b32d2b080ced
git-all-2.31.8-3.el8_6.noarch.rpm SHA-256: ea008d4ede02fb636019710218059cb9b6691dc95e09689236445dc2eea4db72
git-core-2.31.8-3.el8_6.x86_64.rpm SHA-256: 1406550952415580044a49a2376c8043948b3e08f40daa24040401905c9ce3cd
git-core-debuginfo-2.31.8-3.el8_6.x86_64.rpm SHA-256: 64c814086cbe78737442d332eb452352c904dc86a8efee561ef24d800fc1db5a
git-core-doc-2.31.8-3.el8_6.noarch.rpm SHA-256: 03d12bb52e7f9956a37123ab49c8594cb37e4be8305feb491af5723a7979cefa
git-credential-libsecret-2.31.8-3.el8_6.x86_64.rpm SHA-256: 526d1c54728cdbfdbfe927434219eb05e56c08364ee37e2b52ccf28c497d195b
git-credential-libsecret-debuginfo-2.31.8-3.el8_6.x86_64.rpm SHA-256: 7547744b0eb380fd305b2c94620d570cdbf252ac180b89139b5ae518d9671e58
git-daemon-2.31.8-3.el8_6.x86_64.rpm SHA-256: 3128c3392461f1581f28a56bd836d986f261f9f40bc9c35526352cf81c61138a
git-daemon-debuginfo-2.31.8-3.el8_6.x86_64.rpm SHA-256: 558df2a85c7f5fab9c5acb0ca1c3ad0b683b3025e717d9079f53828bea052da6
git-debuginfo-2.31.8-3.el8_6.x86_64.rpm SHA-256: ce64b9ce0e4d034d6287ed573c82975e48d8102f0b77d96e025abd0c99d529b9
git-debugsource-2.31.8-3.el8_6.x86_64.rpm SHA-256: 73ad1e48dc487dd2d151a9086d9c6bf41b29bf072e9eddd1c6a06b442c2d5770
git-email-2.31.8-3.el8_6.noarch.rpm SHA-256: 55cac69d2aa9f2c238624917fa52592115031b434d4120c333250c6347a5acff
git-gui-2.31.8-3.el8_6.noarch.rpm SHA-256: 9c62ddfe3ccec018232727d329f49a28a452c7559d713e9d309682f4a8a3eb91
git-instaweb-2.31.8-3.el8_6.noarch.rpm SHA-256: ba898ee99b3131ea5a3a8cd727d14d5840b5f3fc77d4eeab09a3ffc52bc07b11
git-subtree-2.31.8-3.el8_6.x86_64.rpm SHA-256: 091c224b35d377e5c51b531f066419713982bf170ffa00ad7b165293706ec599
git-svn-2.31.8-3.el8_6.noarch.rpm SHA-256: 8a4340de0d4f259c693c38f0ddc5abb55d8c09f38c744319b510c9a05671af58
gitk-2.31.8-3.el8_6.noarch.rpm SHA-256: 23d7137264390651f66cc4d05bd37829946ed6cd14ba8049a5e8d910464032db
gitweb-2.31.8-3.el8_6.noarch.rpm SHA-256: 599c519c925adab497dc2153b6a21aac956e3e64ef7281a3c10b21ea095504cf
perl-Git-2.31.8-3.el8_6.noarch.rpm SHA-256: 2a112a64f84a026cf9fc6357ba011ecec5b034a0bcc6b6b3dbb7d39d1c7608da
perl-Git-SVN-2.31.8-3.el8_6.noarch.rpm SHA-256: 6f9dfb1b2a080752f52530119b63d647fd805ff6cd78df3cf05d85b689175f5d

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
git-2.31.8-3.el8_6.src.rpm SHA-256: 1844ec419eeab6965611655f9132b8fbf94ce1171540d53a534e5f71ef7ebf04
ppc64le
git-2.31.8-3.el8_6.ppc64le.rpm SHA-256: 6df6c3d611dcbd01dd7e5c3191d8c1b38b50da08368cca1d6f55810524f30957
git-all-2.31.8-3.el8_6.noarch.rpm SHA-256: ea008d4ede02fb636019710218059cb9b6691dc95e09689236445dc2eea4db72
git-core-2.31.8-3.el8_6.ppc64le.rpm SHA-256: 1e9bd654239929de45a54fe29cba615082ebd271b2cdf91a65a7fae40412b436
git-core-debuginfo-2.31.8-3.el8_6.ppc64le.rpm SHA-256: e84e1d75431252acf29299011e8df3acda9205308b442aa472a37a415a09f912
git-core-doc-2.31.8-3.el8_6.noarch.rpm SHA-256: 03d12bb52e7f9956a37123ab49c8594cb37e4be8305feb491af5723a7979cefa
git-credential-libsecret-2.31.8-3.el8_6.ppc64le.rpm SHA-256: 8c2cc44e4f79d1d7ddefa423952cf23564ba938dec78fef17d99f80a40201412
git-credential-libsecret-debuginfo-2.31.8-3.el8_6.ppc64le.rpm SHA-256: a22b56daca6ecc7d66f5e8491d5a0833572560a35644e5b8cc5b919ce3954af2
git-daemon-2.31.8-3.el8_6.ppc64le.rpm SHA-256: 8ccc505d178876bd61ac938976685bbaeaf8e5a741dd284bd28195ed3f4539f0
git-daemon-debuginfo-2.31.8-3.el8_6.ppc64le.rpm SHA-256: d00445f2f39807399c76bb24c355050353703a9c615601880dcb828ad5a6c840
git-debuginfo-2.31.8-3.el8_6.ppc64le.rpm SHA-256: f1f0ef73ee7806ef3eb52ccbb8b93fb4b2b057b3f8ccf1f2f3dc49cc789832db
git-debugsource-2.31.8-3.el8_6.ppc64le.rpm SHA-256: 76deeddc29d19e7d2883e8b2b4f53c1e2e679691c70eab5b2a185897a0878aaa
git-email-2.31.8-3.el8_6.noarch.rpm SHA-256: 55cac69d2aa9f2c238624917fa52592115031b434d4120c333250c6347a5acff
git-gui-2.31.8-3.el8_6.noarch.rpm SHA-256: 9c62ddfe3ccec018232727d329f49a28a452c7559d713e9d309682f4a8a3eb91
git-instaweb-2.31.8-3.el8_6.noarch.rpm SHA-256: ba898ee99b3131ea5a3a8cd727d14d5840b5f3fc77d4eeab09a3ffc52bc07b11
git-subtree-2.31.8-3.el8_6.ppc64le.rpm SHA-256: cc4bc2dfe4d0ed271f16f07f2659cd6d4e2a20f5a2f3f2a59452282b4682f4a1
git-svn-2.31.8-3.el8_6.noarch.rpm SHA-256: 8a4340de0d4f259c693c38f0ddc5abb55d8c09f38c744319b510c9a05671af58
gitk-2.31.8-3.el8_6.noarch.rpm SHA-256: 23d7137264390651f66cc4d05bd37829946ed6cd14ba8049a5e8d910464032db
gitweb-2.31.8-3.el8_6.noarch.rpm SHA-256: 599c519c925adab497dc2153b6a21aac956e3e64ef7281a3c10b21ea095504cf
perl-Git-2.31.8-3.el8_6.noarch.rpm SHA-256: 2a112a64f84a026cf9fc6357ba011ecec5b034a0bcc6b6b3dbb7d39d1c7608da
perl-Git-SVN-2.31.8-3.el8_6.noarch.rpm SHA-256: 6f9dfb1b2a080752f52530119b63d647fd805ff6cd78df3cf05d85b689175f5d

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
git-2.31.8-3.el8_6.src.rpm SHA-256: 1844ec419eeab6965611655f9132b8fbf94ce1171540d53a534e5f71ef7ebf04
x86_64
git-2.31.8-3.el8_6.x86_64.rpm SHA-256: 1315729a9b780978870d1fa774aa0fc971606d364010b1cc9c45b32d2b080ced
git-all-2.31.8-3.el8_6.noarch.rpm SHA-256: ea008d4ede02fb636019710218059cb9b6691dc95e09689236445dc2eea4db72
git-core-2.31.8-3.el8_6.x86_64.rpm SHA-256: 1406550952415580044a49a2376c8043948b3e08f40daa24040401905c9ce3cd
git-core-debuginfo-2.31.8-3.el8_6.x86_64.rpm SHA-256: 64c814086cbe78737442d332eb452352c904dc86a8efee561ef24d800fc1db5a
git-core-doc-2.31.8-3.el8_6.noarch.rpm SHA-256: 03d12bb52e7f9956a37123ab49c8594cb37e4be8305feb491af5723a7979cefa
git-credential-libsecret-2.31.8-3.el8_6.x86_64.rpm SHA-256: 526d1c54728cdbfdbfe927434219eb05e56c08364ee37e2b52ccf28c497d195b
git-credential-libsecret-debuginfo-2.31.8-3.el8_6.x86_64.rpm SHA-256: 7547744b0eb380fd305b2c94620d570cdbf252ac180b89139b5ae518d9671e58
git-daemon-2.31.8-3.el8_6.x86_64.rpm SHA-256: 3128c3392461f1581f28a56bd836d986f261f9f40bc9c35526352cf81c61138a
git-daemon-debuginfo-2.31.8-3.el8_6.x86_64.rpm SHA-256: 558df2a85c7f5fab9c5acb0ca1c3ad0b683b3025e717d9079f53828bea052da6
git-debuginfo-2.31.8-3.el8_6.x86_64.rpm SHA-256: ce64b9ce0e4d034d6287ed573c82975e48d8102f0b77d96e025abd0c99d529b9
git-debugsource-2.31.8-3.el8_6.x86_64.rpm SHA-256: 73ad1e48dc487dd2d151a9086d9c6bf41b29bf072e9eddd1c6a06b442c2d5770
git-email-2.31.8-3.el8_6.noarch.rpm SHA-256: 55cac69d2aa9f2c238624917fa52592115031b434d4120c333250c6347a5acff
git-gui-2.31.8-3.el8_6.noarch.rpm SHA-256: 9c62ddfe3ccec018232727d329f49a28a452c7559d713e9d309682f4a8a3eb91
git-instaweb-2.31.8-3.el8_6.noarch.rpm SHA-256: ba898ee99b3131ea5a3a8cd727d14d5840b5f3fc77d4eeab09a3ffc52bc07b11
git-subtree-2.31.8-3.el8_6.x86_64.rpm SHA-256: 091c224b35d377e5c51b531f066419713982bf170ffa00ad7b165293706ec599
git-svn-2.31.8-3.el8_6.noarch.rpm SHA-256: 8a4340de0d4f259c693c38f0ddc5abb55d8c09f38c744319b510c9a05671af58
gitk-2.31.8-3.el8_6.noarch.rpm SHA-256: 23d7137264390651f66cc4d05bd37829946ed6cd14ba8049a5e8d910464032db
gitweb-2.31.8-3.el8_6.noarch.rpm SHA-256: 599c519c925adab497dc2153b6a21aac956e3e64ef7281a3c10b21ea095504cf
perl-Git-2.31.8-3.el8_6.noarch.rpm SHA-256: 2a112a64f84a026cf9fc6357ba011ecec5b034a0bcc6b6b3dbb7d39d1c7608da
perl-Git-SVN-2.31.8-3.el8_6.noarch.rpm SHA-256: 6f9dfb1b2a080752f52530119b63d647fd805ff6cd78df3cf05d85b689175f5d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.