Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Gentoo GLSA-202312-15 High: Git Remote Code Execution Risks

gentoo
Calendar Grey December 27, 2023
Dist Gentoo Esm H88
Fortify Git within Gentoo to mitigate various significant security flaws, particularly focusing on the risk of remote attacks.
Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution.

Summary

Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory high severity gentoo remote execution git multiple risks

Resolution

All Git users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.39.3"

References

[ 1 ] CVE-2022-23521 https://nvd.nist.gov/vuln/detail/CVE-2022-23521 [ 2 ] CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 [ 3 ] CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 [ 4 ] CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 [ 5 ] CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 [ 6 ] CVE-2022-41903 https://nvd.nist.gov/vuln/detail/CVE-2022-41903 [ 7 ] CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 [ 8 ] CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 [ 9 ] CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 [ 10 ] CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 [ 11 ] CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202312-15
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: High
Title: Git: Multiple Vulnerabilities
Date: December 27, 2023
Bugs: #838127, #857831, #877565, #891221, #894472, #905088
ID: 202312-15

Topics%20covered

Topics Covered

security advisory high severity gentoo remote execution git multiple risks

Synopsis

Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution.

Background

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Package Vulnerable Unaffected ----------- ------------ ------------ dev-vcs/git < 2.39.3 >= 2.39.3

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Related News

Your message here