Slackware 14.0-15.0 Security Advisory: Git Patch Critical Issues
slackware
April 25, 2023
New git packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues
Summary
Here are the details from the Slackware 15.0 ChangeLog: patches/packages/git-2.35.8-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: By feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). When Git is compiled with runtime prefix support and runs without translated messages, it still used the gettext machinery to display messages, which subsequently potentially looked for translated messages in unexpected places. This allowed for malicious placement of crafted messages. When renaming or deleting a section from a configuration file, certain malicious configuration values may be misinterpreted as the beginning of a new configuration section, leading to arbitrary configuration injection. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-25652
Read the Full Advisory
Where Find New Packages
Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.30.9-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.30.9-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.30.9-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.30.9-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.30.9-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2...
MD5 Signatures
Slackware 14.0 package:
21ab1e35e801ed6be49ec5dd900d3538 git-2.30.9-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
dda7e54cfdf69ca2c3d8cd61acf1a3a1 git-2.30.9-x86_64-1_slack14.0.txz
Slackware 14.1 package:
a4c85311846930cad10e92dc6656d9d8 git-2.30.9-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
5f2befca889ab9993b68f786e1a1fa17 git-2.30.9-x86_64-1_slack14.1.txz
Slackware 14.2 package:
c8c8e0416df849d1f7ace4ecde4e713f git-2.30.9-i586-1_slack14.2.txz
Slackware x86_64 14.2 package:
00385fe0266b339bfb22dcf0fc9d47fe git-2.30.9-x86_64-1_slack14.2.txz
Slackware 15.0 package:
edeba2d3e155ad2967d3218699b28a1a git-2.35.8-i586-1_slack15.0.txz
Slackware x86_64 15.0 package:
42dd13102e53512a908f7b90299f3e23 git-2.35.8-x86_64-1_slack15.0.txz
Slackware -current package:
38e58cfeb07297f9a036df089da7eb1c d/git-2.40.1-i586-1.txz
Slackware x86_64 -current package:
8be73442722be6a033e9d833081f10e6 d/git-2.40.1-x86_64-1.txz
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Installation Instructions
Installation instructions: Upgrade the package as root: # upgradepkg git-2.35.8-i586-1_slack15.0.txz
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!