
Debian 11: DLA-3867-1 Critical Git Security Updates Available

Debian LTS
September 3, 2024
Critical weaknesses identified in git necessitate immediate updates for Debian 11 to avert possible exploitation.
Multiple vulnerabilities were discovered in git, a fast, scalable and distributed revision control system.

Summary

CVE-2019-1387

It was possible to bypass the previous check for this vulnerability
using parallel cloning, or the --recurse-submodules option to
git-checkout(1).

CVE-2023-25652

Feeding specially-crafted input to 'git apply --reject' could
overwrite a path outside the working tree with partially controlled
contents, corresponding to the rejected hunk or hunks from the given
patch.

CVE-2023-25815

Low-privileged users could inject malicious messages into Git's
output under MINGW.

CVE-2023-29007

A specially-crafted .gitmodules file with submodule URLs longer than
1024 characters could be used to inject arbitrary configuration into
$GIT_DIR/config.
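
A defender-side check for the CVE-2023-29007 condition described above, as an added example that is not part of the advisory or of git: it scans `.gitmodules` text for submodule `url` values longer than the 1024 characters the advisory names. The function name, the sample content and the `example.invalid` URLs are constructed for illustration.

```python
import re

URL_LIMIT = 1024  # length threshold taken from the advisory text for CVE-2023-29007

# Git section and key names are case-insensitive.
_SECTION = re.compile(r'^\s*\[submodule\s+"(?P<name>.*)"\]\s*$', re.IGNORECASE)
_URL = re.compile(r'^\s*url\s*=\s*(?P<url>.*?)\s*$', re.IGNORECASE)


def oversized_submodule_urls(gitmodules_text, limit=URL_LIMIT):
    """Return [(submodule_name, url_length)] for url values longer than limit."""
    findings = []
    current = None
    # Split on "\n" only: str.splitlines() also breaks on characters such as
    # form feed, which would cut a long value into short pieces.
    for line in gitmodules_text.split("\n"):
        section = _SECTION.match(line)
        if section:
            current = section.group("name")
            continue
        if line.lstrip().startswith("["):
            current = None  # another section; url keys there are not submodule URLs
            continue
        entry = _URL.match(line)
        if entry and current is not None and len(entry.group("url")) > limit:
            findings.append((current, len(entry.group("url"))))
    return findings


# Constructed sample: one ordinary submodule and one with an over-long URL.
SAMPLE = (
    '[submodule "libfoo"]\n'
    "\tpath = vendor/libfoo\n"
    "\turl = https://example.invalid/libfoo.git\n"
    '[submodule "libbar"]\n'
    "\tpath = vendor/libbar\n"
    "\turl = https://example.invalid/" + "a" * 1100 + "\n"
)

if __name__ == "__main__":
    for name, length in oversized_submodule_urls(SAMPLE):
        print(f"submodule {name!r}: url is {length} characters (limit {URL_LIMIT})")
```

A finding is a reason to inspect the repository before running submodule operations on an unpatched git; it does not replace installing the fixed package version listed below.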

CVE-2024-32002

Repositories with submodules could be specially-crafted to write
hooks into .git/ which would then be executed during an ongoing
clone operation.

CVE-2024-32004

A specially-crafted local repository could cause the execution of
arbitrary code when cloned by another user.

CVE-2024-32021



Severity: critical

Package: git
Version: 1:2.30.2-1+deb11u3
CVE ID: CVE-2019-1387 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007
Debian Bug: 1034835 1071160
