[CLSA-2023:1683815086] Fix CVE(s): CVE-2023-25652, CVE-2023-29007
Type: security
Severity: Important
Release date: 2023-05-11 14:24:53 UTC
Description:
* SECURITY UPDATE: By feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch)
  - debian/patches/CVE-2023-25652.patch: removing a link instead of writing into it
  - CVE-2023-25652
* SECURITY UPDATE: A specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_rename_section_in_file()` that can lead to remote code execution
  - debian/patches/CVE-2023-29007.patch: restrict the config file line length to parse it whole either as a section or as a parameter
  - CVE-2023-29007
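A defender-side check related to the CVE-2023-29007 entry above, added here as an example and not part of the advisory or of the git patch: it scans `.gitmodules`-style text for physical lines longer than the 1024 characters the advisory mentions and reports which section and key carry them. The function name, the regular expressions and the sample input are assumptions constructed for illustration.

```python
import re

# Limit taken from the advisory text ("longer than 1024 characters").
MAX_LINE = 1024

# Simplified matchers for git config syntax (assumption: enough for triage).
SECTION_RE = re.compile(rb'^\s*\[\s*([^\s\]"]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]')
KEY_RE = re.compile(rb'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=')


def find_overlong_lines(data: bytes, limit: int = MAX_LINE):
    """Return (line_number, section, key, length) for every physical line
    longer than `limit` bytes, so a reviewer can see which entry carries it."""
    findings = []
    section = None
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        header = SECTION_RE.match(line)
        if header and len(line) <= limit:
            # Remember the enclosing section, e.g. submodule "vendor".
            section = header.group(1).decode("utf-8", "replace")
            if header.group(2) is not None:
                sub = header.group(2).decode("utf-8", "replace")
                section = f'{section} "{sub}"'
            continue
        if len(line) > limit:
            key = KEY_RE.match(line)
            name = key.group(1).decode("ascii") if key else None
            findings.append((lineno, section, name, len(line)))
    return findings


# Constructed sample: one ordinary submodule and one with an over-long URL.
SAMPLE = (
    b'[submodule "lib"]\n'
    b"\tpath = lib\n"
    b"\turl = https://example.com/lib.git\n"
    b'[submodule "vendor"]\n'
    b"\tpath = vendor\n"
    b"\turl = https://example.com/" + b"a" * 1100 + b".git\n"
)

if __name__ == "__main__":
    for lineno, section, key, length in find_overlong_lines(SAMPLE):
        print(f"line {lineno}: [{section}] {key} is {length} bytes "
              f"(limit {MAX_LINE})")
```

Length is measured in bytes per physical line, so run it on the raw file contents (for example the bytes of a `.gitmodules` file read in binary mode) before the repository is handed to an unpatched git.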
Updated packages:
  • git_2.7.4-0ubuntu1.10+tuxcare.els3_amd64.deb
    sha:8cade5185e93ab41700a1733ca723c72308ccf58
  • git-all_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:5a200a2b3a7d19f25dc091e5fa7508c9afb33f7b
  • git-arch_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:0fd4ad299f72d0b73c779750831edeb4dfbc40b1
  • git-core_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:ffbb38ec6866adb453217e64eec6c5eb723f12e3
  • git-cvs_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:e52e9cef66283d2ab4870e83aae6756807e9d79b
  • git-daemon-run_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:541c9c6d5098a2a7f9e88deb81a2d5929d54a8d7
  • git-daemon-sysvinit_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:15d0cbaa32bf7cf15e942b79af58e765e7c5983f
  • git-doc_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:431da35b93ee6490e44753d917210573e0349fa6
  • git-el_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:cfafa2d961647153e11f8dcbbfc026028bc30011
  • git-email_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:d2ecdfed36829fffa2c162503f694229d517aeab
  • git-gui_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:8d1c5c5567fe679258d14140e781e8d8da9d702d
  • git-man_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:7a5d30d33b10f98e69cf94a812d5e3070d628d40
  • git-mediawiki_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:aab642aed59a0f2c1846539093008267e4945a69
  • git-svn_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:286c7b17ca05e703e7f1c6325de4bc24a168e601
  • gitk_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:0860fad35bc9cec41e0a33f7e07a39274d08d601
  • gitweb_2.7.4-0ubuntu1.10+tuxcare.els3_all.deb
    sha:ec655a815941becabbd7e34dd467fd0397af2a7e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.