Thursday, September 19, 2024

[USN-7023-1] Git vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmbrwToFAwAAAAAACgkQuGrtzot7pOf9
HAv+NG1db0HqUB/QbLs92ZxwnRy7btMYvygbjr7pUt5Zfi7iCXc/Gs+mcTQOGZDx/wdRiTNM4W03
BlZR3ktJQN/LlkHwH8AkJnKO7JJjKUQ69UgaMYLZ2BwE0IKrikuYFcv40fXl9gYaYyrKTGvZ00dL
Kn7EHVuyQnRVGivGP0Y6Iwpgn0Ws4vRLrK2C0C8LOxTfmGgIaJBqwd3AMfH5TeQwxcpJL3GRUTUh
02geKw5ML7CPraqXfxTSQYiqa+CKkB5qw1cuXdJbwrGZ6xWj9paC22r82FEQ8JjPOVUUYR0tSkWW
iOMWnglT9v2bEyMJUhhIM6qPZCVPIgD3RteZ3TWTgINJazOiC/IQ6Zt5letPlTFugHj3jQWEuvWZ
noJhL0KwrcXn0Blsy/ZHCPFdgeBebacE/HWLDF1FCZohdMXCda4rgiPCq/w6zPSwym3ZmQuNqEAa
kiWvGJX2ttun9e4gcneYnKnjqZaBW+2I/f4HsCM0IR4CzuIP7+Ds+URCOeyZ
=J7tq
-----END PGP SIGNATURE----- 

==========================================================================  Ubuntu Security Notice USN-7023-1  September 19, 2024    git vulnerabilities  ==========================================================================    A security issue affects these releases of Ubuntu and its derivatives:    - Ubuntu 18.04 LTS  - Ubuntu 16.04 LTS    Summary:    Several security issues were fixed in Git.    Software Description:  - git: fast, scalable, distributed revision control system    Details:    Maxime Escourbiac and Yassine Bengana discovered that Git incorrectly  handled some gettext machinery. An attacker could possibly use this issue  to allows the malicious placement of crafted messages. This issue was fixed  in Ubuntu 16.04 LTS. (CVE-2023-25815)    It was discovered that Git incorrectly handled certain submodules.  An attacker could possibly use this issue to execute arbitrary code.  This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32002)    It was discovered that Git incorrectly handled certain cloned repositories.  An attacker could possibly use this issue to execute arbitrary code. This  issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32004, CVE-2024-32465)    It was discovered that Git incorrectly handled local clones with hardlinked  files/directories. An attacker could possibly use this issue to place a  specialized repository on their target's local system. This issue was fixed  in Ubuntu 18.04 LTS. (CVE-2024-32020)    It was discovered that Git incorrectly handled certain symlinks. An  attacker could possibly use this issue to impact availability and  integrity creating hardlinked arbitrary files into users repository's  objects/directory. This issue was fixed in Ubuntu 18.04 LTS.  (CVE-2024-32021)    Update instructions:    The problem can be corrected by updating your system to the following  package versions:    Ubuntu 18.04 LTS    git                             1:2.17.1-1ubuntu0.18+esm1                                    Available with Ubuntu Pro    Ubuntu 16.04 LTS    git                             1:2.7.4-0ubuntu1.10+esm8                                    Available with Ubuntu Pro    In general, a standard system update will make all the necessary changes.    References:    https://ubuntu.com/security/notices/USN-7023-1    CVE-2023-25815, CVE-2024-32002, CVE-2024-32004, CVE-2024-32020,    CVE-2024-32021, CVE-2024-32465

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)