Debian LTS: DLA-3338-1: git security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3338-1                [email protected]
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
February 23, 2023                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : git
Version        : 1:2.20.1-2+deb10u8
CVE ID         : CVE-2023-22490 CVE-2023-23946

Several vulnerabilities have been discovered in git, a fast, scalable
and distributed revision control system.

CVE-2023-22490

    yvvdwf found a data exfiltration vulnerability while performing a local
    clone from a malicious repository even using a non-local transport.

CVE-2023-23946

    Joern Schneeweisz found a path traversal vulnerbility in git-apply
    that a path outside the working tree can be overwritten as the acting
    user.

For Debian 10 buster, these problems have been fixed in version
1:2.20.1-2+deb10u8.

We recommend that you upgrade your git packages.

For the detailed security status of git please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/git

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3338-1: git security update

February 23, 2023
Several vulnerabilities have been discovered in git, a fast, scalable and distributed revision control system

Summary

CVE-2023-22490

yvvdwf found a data exfiltration vulnerability while performing a local
clone from a malicious repository even using a non-local transport.

CVE-2023-23946

Joern Schneeweisz found a path traversal vulnerbility in git-apply
that a path outside the working tree can be overwritten as the acting
user.

For Debian 10 buster, these problems have been fixed in version
1:2.20.1-2+deb10u8.

We recommend that you upgrade your git packages.

For the detailed security status of git please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/git

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : git
Version : 1:2.20.1-2+deb10u8
CVE ID : CVE-2023-22490 CVE-2023-23946

Related News

Citrix Fixes Severe Flaws in Workspace, Virtual Apps and Desktops

New Mirai Malware Variant Infects Linux Devices to Build DDoS Botnet

Open Source 2022 Wins and Losses

Many WordPress Plugin Flaws Leveraged by Novel Linux Malware

News

Advisories

HOWTOs

Features

Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy