[CLSA-2023:1677096675] Fix of 5 CVEs
Type: security
Severity: Critical
Release date: 2023-02-22 20:11:15 UTC
Description:
* SECURITY UPDATE: out-of-bounds write caused by integer overflow
  - debian/patches/CVE-2022-41903.patch: use 'size_t' instead of 'int' to track the string lengths and so allow >2GB input sizes.
  - CVE-2022-41903
  - t-mark-submodule-clean-test-as-known-failure.patch: mark submodule clean test as known failure and so pass 'make test'.
* SECURITY UPDATE: possible cross-protocol requests
  - debian/patches/CVE-2021-40330.patch: forbid newlines in host and path.
  - CVE-2021-40330
* SECURITY UPDATE: out-of-bounds write and possible RCE caused by integer overflow
  - debian/patches/CVE-2022-39260.patch: reject too long command line strings in split_cmdline().
  - CVE-2022-39260
* SECURITY UPDATE: out-of-bounds write when reading an unreasonably large .gitattributes file
  - debian/patches/CVE-2021-23521.patch: implement line and overall size checks for .gitattributes files.
  - CVE-2021-23521
* SECURITY UPDATE: possible write outside of the repository's working directory
  - debian/patches/CVE-2023-23946.patch: prevent git-apply from writing behind newly created symbolic links.
  - CVE-2023-23946
Updated packages:
  • git_2.7.4-0ubuntu1.10+tuxcare.els1_amd64.deb
    sha:485f4aa4db3aedcc6901ae521c7402bbadceb018
  • git-all_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:e10bdf160064e0d67087071e32f35b668846c56b
  • git-arch_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:f977584b18db46dbf75722f71294c40c2e68a1b0
  • git-core_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:7d7d0f2bca387bcd69bd0ecccd610581cd4d97df
  • git-cvs_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:a618bcdd593b81821085703398792c2b462cf411
  • git-daemon-run_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:4081aa0f4299d037afd648ab9ccdd0a63a9e0fb1
  • git-daemon-sysvinit_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:8256722101a606bd3ef2880ea2e65803d38fe9af
  • git-doc_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:0a719133c454b5d4e8ae097f9a8793229d840e46
  • git-el_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:c27efd86c7c5db8f887be46484f8069d0bcec7b1
  • git-email_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:5f078615e5359d62b7a5e3894efe4f13218d4229
  • git-gui_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:1278fddb0135b78af19f240f3e423abaa248ef2b
  • git-man_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:e3e26f83213818445fa0c6e654b82d36e0318276
  • git-mediawiki_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:2c3b74cefda16656269a97a60e3c24e5400c2df3
  • git-svn_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:e4c2e8c170b50ce220fd53d36772aad305e233cc
  • gitk_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:0322d1cbe82c9774d61b6cf71291fc06f96a7ff7
  • gitweb_2.7.4-0ubuntu1.10+tuxcare.els1_all.deb
    sha:66c441cc9983979cc894256b45b021f867ace896
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.