Issued:: 2025-07-22
Updated:: 2025-07-23

RHSA-2025:11534 - Security Advisory

Overview
Updated Packages

Synopsis

Important: git security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for git is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

git: Git does not sanitize URLs when asking for credentials interactively (CVE-2024-50349)
git: Newline confusion in credential helpers can lead to credential exfiltration in git (CVE-2024-52006)
git: Git arbitrary code execution (CVE-2025-48384)
git: Git arbitrary file writes (CVE-2025-48385)
gitk: Git file creation flaw (CVE-2025-27613)
gitk: git script execution flaw (CVE-2025-27614)
git: Git GUI can create and overwrite files for which the user has write permission (CVE-2025-46835)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 2337824 - CVE-2024-50349 git: Git does not sanitize URLs when asking for credentials interactively
BZ - 2337956 - CVE-2024-52006 git: Newline confusion in credential helpers can lead to credential exfiltration in git
BZ - 2378806 - CVE-2025-48384 git: Git arbitrary code execution
BZ - 2378808 - CVE-2025-48385 git: Git arbitrary file writes
BZ - 2379124 - CVE-2025-27613 gitk: Git file creation flaw
BZ - 2379125 - CVE-2025-27614 gitk: git script execution flaw
BZ - 2379326 - CVE-2025-46835 git: Git GUI can create and overwrite files for which the user has write permission

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
git-2.43.7-1.el8_10.src.rpm	SHA-256: 8fe83f047e58c61e0e1bc807de211bbd62e24f5023cc6a0c63b01dca8b904bfe
x86_64
git-2.43.7-1.el8_10.x86_64.rpm	SHA-256: c9c97b1e34949a29e3ef951f9f91d583cc6e5859cd3028995ac3095b2f5051db
git-all-2.43.7-1.el8_10.noarch.rpm	SHA-256: 548a955d26bc64e054acf8de3b5cabcb112322794f6f30209ebeb8d00d953a6e
git-core-2.43.7-1.el8_10.x86_64.rpm	SHA-256: 51124ac7ed4c97b5a62a34a3b5e6139a3012d8fd516d3d56bc83490b19aa6bc9
git-core-debuginfo-2.43.7-1.el8_10.x86_64.rpm	SHA-256: c49a10cd71597274a94e73283980d1555bfbc035b547bf3b49c0654b44947862
git-core-doc-2.43.7-1.el8_10.noarch.rpm	SHA-256: 09202aba03724180992d4cb6a3c617423ee25dc61f2c162990a25d7781977058
git-credential-libsecret-2.43.7-1.el8_10.x86_64.rpm	SHA-256: c86701c4be437f213e06746b88cbd7d39697d88d2c8e15607607704fbcf3f0b4
git-credential-libsecret-debuginfo-2.43.7-1.el8_10.x86_64.rpm	SHA-256: 83f0cfb760c4bad93f2cded80052c54ac03a1da7f02b86b5c84f566f45afafc1
git-daemon-2.43.7-1.el8_10.x86_64.rpm	SHA-256: 6b244ea19833cd260e4c6087bc6ab1a3b7fd676babebc75a01c2565035b0c873
git-daemon-debuginfo-2.43.7-1.el8_10.x86_64.rpm	SHA-256: 376af8bc64267c3396e39f202edf3bd7fc1887b8454ec4ea109df6d95686d91a
git-debuginfo-2.43.7-1.el8_10.x86_64.rpm	SHA-256: 22c279b44b01e8df25cd73b463bf3746a2a9ef42d96f983cb97885dcf8596380
git-debugsource-2.43.7-1.el8_10.x86_64.rpm	SHA-256: eb2b71b3f7042f95b5a0036afa3f5de2d53c8b5289feceb9909f0376fb431d07
git-email-2.43.7-1.el8_10.noarch.rpm	SHA-256: 20794fb0781d454b49f0c68a98e3049d75ab1579e5ad839161a4c7331494cc06
git-gui-2.43.7-1.el8_10.noarch.rpm	SHA-256: 95b031f6c1ea285113b2ae3dc76aa2ede6eb90caab62e9ab0bd2d68583003db8
git-instaweb-2.43.7-1.el8_10.noarch.rpm	SHA-256: f3150aeceaaf2b32fbe5dd99681aced1e6b7d6c9fa71bf86099f8a0ee86ab3a8
git-subtree-2.43.7-1.el8_10.x86_64.rpm	SHA-256: e7bf71570a721168d67a4c8c70a6ae25b2a87908fc76b981abc0add1ba00cdbe
git-svn-2.43.7-1.el8_10.noarch.rpm	SHA-256: 5704d6d13f4eb44c4222dcab16a0286543d292766e0af12bb113f84dad29af98
gitk-2.43.7-1.el8_10.noarch.rpm	SHA-256: d5bab4e89015409757f4da3aca1a18ed75b306145a30a7a4e67c7fc24bd7c342
gitweb-2.43.7-1.el8_10.noarch.rpm	SHA-256: e8fa170f5db9ff043ed702051c0adb2ee916e54c20047b8b4198cc9797fa733b
perl-Git-2.43.7-1.el8_10.noarch.rpm	SHA-256: cc2b622933dabf0579711ce3fdccfd5b485483b8b0f8ed4dc2df3d59842ba735
perl-Git-SVN-2.43.7-1.el8_10.noarch.rpm	SHA-256: 409e48fff4ff17b4220274be553cb83ac4d5c62915a022d00847727dd7aa37a2

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
git-2.43.7-1.el8_10.src.rpm	SHA-256: 8fe83f047e58c61e0e1bc807de211bbd62e24f5023cc6a0c63b01dca8b904bfe
s390x
git-2.43.7-1.el8_10.s390x.rpm	SHA-256: 11cb5de7f2c20cf19598ed25573c5c770e1f2111b6fb8ce2aec43069071e3fb8
git-all-2.43.7-1.el8_10.noarch.rpm	SHA-256: 548a955d26bc64e054acf8de3b5cabcb112322794f6f30209ebeb8d00d953a6e
git-core-2.43.7-1.el8_10.s390x.rpm	SHA-256: 713ab39f22985d648d355541b3331ef10d0536910071561fae19f4950c95ba84
git-core-debuginfo-2.43.7-1.el8_10.s390x.rpm	SHA-256: 87a019b0e06b9766fbf91cda219fbc59053f92de129969abfc9aba6e991476bc
git-core-doc-2.43.7-1.el8_10.noarch.rpm	SHA-256: 09202aba03724180992d4cb6a3c617423ee25dc61f2c162990a25d7781977058
git-credential-libsecret-2.43.7-1.el8_10.s390x.rpm	SHA-256: 3c28e91fa5bc31e7ecdfcf02981ad13b23404a210afa4504c3c87c1e208475d1
git-credential-libsecret-debuginfo-2.43.7-1.el8_10.s390x.rpm	SHA-256: 76f0d2f6c491b788f6e94334b65066305ece446797d69450b7e827529dcd1371
git-daemon-2.43.7-1.el8_10.s390x.rpm	SHA-256: 1b25d7f50659c471a10d73957cb0d625a1a4db19a051ca09b663b6469032ce8e
git-daemon-debuginfo-2.43.7-1.el8_10.s390x.rpm	SHA-256: 18447d4a711fa4534f31c280af0f0dc3a8204e863a2d3f220ca08f09b3f61ac7
git-debuginfo-2.43.7-1.el8_10.s390x.rpm	SHA-256: 8a71454977702aec6f94a63c052f4bf6a31096fc7a36226bb697a2e427a272b6
git-debugsource-2.43.7-1.el8_10.s390x.rpm	SHA-256: 75cb74ab1be7a5b658b92eac5566e5b82206bd3afbbc314b96f49b52732254c7
git-email-2.43.7-1.el8_10.noarch.rpm	SHA-256: 20794fb0781d454b49f0c68a98e3049d75ab1579e5ad839161a4c7331494cc06
git-gui-2.43.7-1.el8_10.noarch.rpm	SHA-256: 95b031f6c1ea285113b2ae3dc76aa2ede6eb90caab62e9ab0bd2d68583003db8
git-instaweb-2.43.7-1.el8_10.noarch.rpm	SHA-256: f3150aeceaaf2b32fbe5dd99681aced1e6b7d6c9fa71bf86099f8a0ee86ab3a8
git-subtree-2.43.7-1.el8_10.s390x.rpm	SHA-256: 67afea50c69eb0ea7afed0df4fab24447b5a939aced19ae24916580d59d9acb9
git-svn-2.43.7-1.el8_10.noarch.rpm	SHA-256: 5704d6d13f4eb44c4222dcab16a0286543d292766e0af12bb113f84dad29af98
gitk-2.43.7-1.el8_10.noarch.rpm	SHA-256: d5bab4e89015409757f4da3aca1a18ed75b306145a30a7a4e67c7fc24bd7c342
gitweb-2.43.7-1.el8_10.noarch.rpm	SHA-256: e8fa170f5db9ff043ed702051c0adb2ee916e54c20047b8b4198cc9797fa733b
perl-Git-2.43.7-1.el8_10.noarch.rpm	SHA-256: cc2b622933dabf0579711ce3fdccfd5b485483b8b0f8ed4dc2df3d59842ba735
perl-Git-SVN-2.43.7-1.el8_10.noarch.rpm	SHA-256: 409e48fff4ff17b4220274be553cb83ac4d5c62915a022d00847727dd7aa37a2

Red Hat Enterprise Linux for Power, little endian 8

SRPM
git-2.43.7-1.el8_10.src.rpm	SHA-256: 8fe83f047e58c61e0e1bc807de211bbd62e24f5023cc6a0c63b01dca8b904bfe
ppc64le
git-2.43.7-1.el8_10.ppc64le.rpm	SHA-256: 82c5a684aa3de13e7bba7e0c544351036599d864a55326a3832e209f3d13b935
git-all-2.43.7-1.el8_10.noarch.rpm	SHA-256: 548a955d26bc64e054acf8de3b5cabcb112322794f6f30209ebeb8d00d953a6e
git-core-2.43.7-1.el8_10.ppc64le.rpm	SHA-256: 2b64e0733bb2e2098121db7b1d6f2f86f8053261f4e0cd40e977f64a0c49fb91
git-core-debuginfo-2.43.7-1.el8_10.ppc64le.rpm	SHA-256: 68caccf5b81cb7d53eca8e8e88fd911f12634f927357e63e87e2fc5aabe9cf1d
git-core-doc-2.43.7-1.el8_10.noarch.rpm	SHA-256: 09202aba03724180992d4cb6a3c617423ee25dc61f2c162990a25d7781977058
git-credential-libsecret-2.43.7-1.el8_10.ppc64le.rpm	SHA-256: 48bcbdd29dd0f7b6b19ddb3c4c22307d83ceff98d46f5bd48763aec27c3976f8
git-credential-libsecret-debuginfo-2.43.7-1.el8_10.ppc64le.rpm	SHA-256: 32aabb42c6626669aaeb0ca603c692282b42b7765cc7e475f0c35d828ae2d16f
git-daemon-2.43.7-1.el8_10.ppc64le.rpm	SHA-256: 3d6bbe789c3f405db18b304742ed0883f460955e178bb11ea0c9f4a37ec2e36f
git-daemon-debuginfo-2.43.7-1.el8_10.ppc64le.rpm	SHA-256: 91b6c602c3d2cba6aa4f158e58583d2d9566932dc480fc835216034b49e091ca
git-debuginfo-2.43.7-1.el8_10.ppc64le.rpm	SHA-256: 05895b870d5f8eb8ae8d8fc9493912a1af60fadb91a49616ca340a9561ad4be8
git-debugsource-2.43.7-1.el8_10.ppc64le.rpm	SHA-256: 38ae99686d01e9878c12eee0d2676409010de0e71bbc43cadc524626226a16d6
git-email-2.43.7-1.el8_10.noarch.rpm	SHA-256: 20794fb0781d454b49f0c68a98e3049d75ab1579e5ad839161a4c7331494cc06
git-gui-2.43.7-1.el8_10.noarch.rpm	SHA-256: 95b031f6c1ea285113b2ae3dc76aa2ede6eb90caab62e9ab0bd2d68583003db8
git-instaweb-2.43.7-1.el8_10.noarch.rpm	SHA-256: f3150aeceaaf2b32fbe5dd99681aced1e6b7d6c9fa71bf86099f8a0ee86ab3a8
git-subtree-2.43.7-1.el8_10.ppc64le.rpm	SHA-256: 29cfea7f7d9343bc50b2245c8054f47ab3f3ae58c2585af089b83dfa9f80dc0e
git-svn-2.43.7-1.el8_10.noarch.rpm	SHA-256: 5704d6d13f4eb44c4222dcab16a0286543d292766e0af12bb113f84dad29af98
gitk-2.43.7-1.el8_10.noarch.rpm	SHA-256: d5bab4e89015409757f4da3aca1a18ed75b306145a30a7a4e67c7fc24bd7c342
gitweb-2.43.7-1.el8_10.noarch.rpm	SHA-256: e8fa170f5db9ff043ed702051c0adb2ee916e54c20047b8b4198cc9797fa733b
perl-Git-2.43.7-1.el8_10.noarch.rpm	SHA-256: cc2b622933dabf0579711ce3fdccfd5b485483b8b0f8ed4dc2df3d59842ba735
perl-Git-SVN-2.43.7-1.el8_10.noarch.rpm	SHA-256: 409e48fff4ff17b4220274be553cb83ac4d5c62915a022d00847727dd7aa37a2

Red Hat Enterprise Linux for ARM 64 8

SRPM
git-2.43.7-1.el8_10.src.rpm	SHA-256: 8fe83f047e58c61e0e1bc807de211bbd62e24f5023cc6a0c63b01dca8b904bfe
aarch64
git-2.43.7-1.el8_10.aarch64.rpm	SHA-256: 360e8689c9a9f5c286b4428a3c46f7017eea21751a9499ae168462a41e1e17a0
git-all-2.43.7-1.el8_10.noarch.rpm	SHA-256: 548a955d26bc64e054acf8de3b5cabcb112322794f6f30209ebeb8d00d953a6e
git-core-2.43.7-1.el8_10.aarch64.rpm	SHA-256: d23f02a074c97383eda8f833f8a3f1916b4b1c55ba5149d0cbfd4ee69254d471
git-core-debuginfo-2.43.7-1.el8_10.aarch64.rpm	SHA-256: aab0f0cd03afb3c93eb30a0274243a925a800a7a15e30c05065a3c6de927827f
git-core-doc-2.43.7-1.el8_10.noarch.rpm	SHA-256: 09202aba03724180992d4cb6a3c617423ee25dc61f2c162990a25d7781977058
git-credential-libsecret-2.43.7-1.el8_10.aarch64.rpm	SHA-256: 9a651f8f1b5fb8cb1e60c344720e123915325b8d239d388c7d97982f5dbab884
git-credential-libsecret-debuginfo-2.43.7-1.el8_10.aarch64.rpm	SHA-256: 95fd1228e2eb4162c470b35635baa4e2d9a05318450c335a45fdb21bbb1dd4b1
git-daemon-2.43.7-1.el8_10.aarch64.rpm	SHA-256: 25120dabafe330e1305aac48f8c0d09f95df300fc8f25410f16d7f253ccbda4a
git-daemon-debuginfo-2.43.7-1.el8_10.aarch64.rpm	SHA-256: 441e7c57cfd3b732aae29a4c520a62871f289df596672852c51f0963ab7ca2c4
git-debuginfo-2.43.7-1.el8_10.aarch64.rpm	SHA-256: 3ddb43628fcfe99c9b70a203d5a90bd23767ddb6325fdfc66656cbc3e3ad78dd
git-debugsource-2.43.7-1.el8_10.aarch64.rpm	SHA-256: dfa6a47e93f200e14c21cab74fa6dcfde200cf9b14997bbafd4ebc999c1b1596
git-email-2.43.7-1.el8_10.noarch.rpm	SHA-256: 20794fb0781d454b49f0c68a98e3049d75ab1579e5ad839161a4c7331494cc06
git-gui-2.43.7-1.el8_10.noarch.rpm	SHA-256: 95b031f6c1ea285113b2ae3dc76aa2ede6eb90caab62e9ab0bd2d68583003db8
git-instaweb-2.43.7-1.el8_10.noarch.rpm	SHA-256: f3150aeceaaf2b32fbe5dd99681aced1e6b7d6c9fa71bf86099f8a0ee86ab3a8
git-subtree-2.43.7-1.el8_10.aarch64.rpm	SHA-256: 16e83bba18bfdd6c853fd3bb4fd7bb28f2c0fa9591c10f5f05101c378153570a
git-svn-2.43.7-1.el8_10.noarch.rpm	SHA-256: 5704d6d13f4eb44c4222dcab16a0286543d292766e0af12bb113f84dad29af98
gitk-2.43.7-1.el8_10.noarch.rpm	SHA-256: d5bab4e89015409757f4da3aca1a18ed75b306145a30a7a4e67c7fc24bd7c342
gitweb-2.43.7-1.el8_10.noarch.rpm	SHA-256: e8fa170f5db9ff043ed702051c0adb2ee916e54c20047b8b4198cc9797fa733b
perl-Git-2.43.7-1.el8_10.noarch.rpm	SHA-256: cc2b622933dabf0579711ce3fdccfd5b485483b8b0f8ed4dc2df3d59842ba735
perl-Git-SVN-2.43.7-1.el8_10.noarch.rpm	SHA-256: 409e48fff4ff17b4220274be553cb83ac4d5c62915a022d00847727dd7aa37a2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation