Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 735
Alerts This Week
Warning Icon 1 735

Debian LTS Advisory DLA-3844-1 Critical Git Security Issues

debian lts
Calendar Grey June 26, 2024
Dist Debian Esm H88
Ubuntu Security Notice USN-4973-1 outlines several critical updates for the OpenSSL library aimed at addressing significant security vulnerabilities affecting multiple versions.
Multiple vulnerabilities were found in git, a fast, scalable and distributed revision control system

Summary

CVE-2019-1387

It was possible to bypass the previous check for this vulnerability
using parallel cloning, or the --recurse-submodules option to
git-checkout(1).

CVE-2023-25652

Feeding specially-crafted input to 'git apply --reject' could
overwrite a path outside the working tree with partially controlled
contents, corresponding to the rejected hunk or hunks from the given
patch.

CVE-2023-25815

Low-privileged users could inject malicious messages into Git's
output under MINGW.

CVE-2023-29007

A specially-crafted .gitmodules file with submodule URLs longer than
1024 characters could be used to inject arbitrary configuration into
$GIT_DIR/config.

CVE-2024-32002

Repositories with submodules could be specially-crafted to write
hooks into .git/ which would then be executed during an ongoing
clone operation.

CVE-2024-32004

A specially-crafted local repository could cause the execution of
arbitrary code when cloned by another user.

CVE-2024-32021

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: git
Version: 1:2.20.1-2+deb10u9
CVE ID: CVE-2019-1387 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007
Debian Bug: 1034835 1071160

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.