-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  git (SSA:2023-115-01)

New git packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/git-2.35.8-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  By feeding specially crafted input to `git apply --reject`, a
  path outside the working tree can be overwritten with partially
  controlled contents (corresponding to the rejected hunk(s) from
  the given patch).
  When Git is compiled with runtime prefix support and runs without
  translated messages, it still used the gettext machinery to
  display messages, which subsequently potentially looked for
  translated messages in unexpected places. This allowed for
  malicious placement of crafted messages.
  When renaming or deleting a section from a configuration file,
  certain malicious configuration values may be misinterpreted as
  the beginning of a new configuration section, leading to arbitrary
  configuration injection.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-25652
    https://www.cve.org/CVERecord?id=CVE-2023-25815
    https://www.cve.org/CVERecord?id=CVE-2023-29007
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.30.9-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.30.9-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.30.9-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.30.9-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.30.9-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/git-2.30.9-x86_64-1_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/git-2.35.8-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/git-2.35.8-x86_64-1_slack15.0.txz

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 14.0 package:
21ab1e35e801ed6be49ec5dd900d3538  git-2.30.9-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
dda7e54cfdf69ca2c3d8cd61acf1a3a1  git-2.30.9-x86_64-1_slack14.0.txz

Slackware 14.1 package:
a4c85311846930cad10e92dc6656d9d8  git-2.30.9-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
5f2befca889ab9993b68f786e1a1fa17  git-2.30.9-x86_64-1_slack14.1.txz

Slackware 14.2 package:
c8c8e0416df849d1f7ace4ecde4e713f  git-2.30.9-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
00385fe0266b339bfb22dcf0fc9d47fe  git-2.30.9-x86_64-1_slack14.2.txz

Slackware 15.0 package:
edeba2d3e155ad2967d3218699b28a1a  git-2.35.8-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
42dd13102e53512a908f7b90299f3e23  git-2.35.8-x86_64-1_slack15.0.txz

Slackware -current package:
38e58cfeb07297f9a036df089da7eb1c  d/git-2.40.1-i586-1.txz

Slackware x86_64 -current package:
8be73442722be6a033e9d833081f10e6  d/git-2.40.1-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg git-2.35.8-i586-1_slack15.0.txz


+-----+

Slackware: 2023-115-01: git Security Update

April 25, 2023
New git packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/git-2.35.8-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: By feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). When Git is compiled with runtime prefix support and runs without translated messages, it still used the gettext machinery to display messages, which subsequently potentially looked for translated messages in unexpected places. This allowed for malicious placement of crafted messages. When renaming or deleting a section from a configuration file, certain malicious configuration values may be misinterpreted as the beginning of a new configuration section, leading to arbitrary configuration injection. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-25652 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://www.cve.org/CVERecord?id=CVE-2023-29007 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.30.9-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.30.9-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.30.9-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.30.9-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.30.9-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/git-2.30.9-x86_64-1_slack14.2.txz
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/git-2.35.8-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/git-2.35.8-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: 21ab1e35e801ed6be49ec5dd900d3538 git-2.30.9-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: dda7e54cfdf69ca2c3d8cd61acf1a3a1 git-2.30.9-x86_64-1_slack14.0.txz
Slackware 14.1 package: a4c85311846930cad10e92dc6656d9d8 git-2.30.9-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 5f2befca889ab9993b68f786e1a1fa17 git-2.30.9-x86_64-1_slack14.1.txz
Slackware 14.2 package: c8c8e0416df849d1f7ace4ecde4e713f git-2.30.9-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 00385fe0266b339bfb22dcf0fc9d47fe git-2.30.9-x86_64-1_slack14.2.txz
Slackware 15.0 package: edeba2d3e155ad2967d3218699b28a1a git-2.35.8-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 42dd13102e53512a908f7b90299f3e23 git-2.35.8-x86_64-1_slack15.0.txz
Slackware -current package: 38e58cfeb07297f9a036df089da7eb1c d/git-2.40.1-i586-1.txz
Slackware x86_64 -current package: 8be73442722be6a033e9d833081f10e6 d/git-2.40.1-x86_64-1.txz

Severity
[slackware-security] git (SSA:2023-115-01)
New git packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg git-2.35.8-i586-1_slack15.0.txz

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved