USN-6050-1: Git vulnerabilities
1 May 2023
Several security issues were fixed in Git.
Releases
Packages
- git - fast, scalable, distributed revision control system
Details
It was discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to overwriting some paths.
(CVE-2023-25652)
Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly
handled some gettext machinery. An attacker could possibly use this issue
to allows the malicious placement of crafted messages. (CVE-2023-25815)
André Baptista and Vítor Pinho discovered that Git incorrectly handled
certain configurations. An attacker could possibly use this issue
to arbitrary configuration injection. (CVE-2023-29007)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04
Ubuntu 22.10
Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-7023-1: git-all, git, git-daemon-run, git-man, gitweb, git-arch, git-cvs, git-core, git-svn, gitk, git-mediawiki, git-email, git-doc, git-el, git-daemon-sysvinit, git-gui
- USN-6050-2: git-all, git, git-daemon-run, git-man, gitweb, git-arch, git-cvs, git-core, git-svn, gitk, git-mediawiki, git-email, git-doc, git-el, git-daemon-sysvinit, git-gui