-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  git (SSA:2023-115-01)

New git packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/git-2.35.8-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  By feeding specially crafted input to `git apply --reject`, a
  path outside the working tree can be overwritten with partially
  controlled contents (corresponding to the rejected hunk(s) from
  the given patch).
  When Git is compiled with runtime prefix support and runs without
  translated messages, it still used the gettext machinery to
  display messages, which subsequently potentially looked for
  translated messages in unexpected places. This allowed for
  malicious placement of crafted messages.
  When renaming or deleting a section from a configuration file,
  certain malicious configuration values may be misinterpreted as
  the beginning of a new configuration section, leading to arbitrary
  configuration injection.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-25652
    https://www.cve.org/CVERecord?id=CVE-2023-25815
    https://www.cve.org/CVERecord?id=CVE-2023-29007
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.30.9-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.30.9-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.30.9-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.30.9-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.30.9-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/git-2.30.9-x86_64-1_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/git-2.35.8-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/git-2.35.8-x86_64-1_slack15.0.txz

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 14.0 package:
21ab1e35e801ed6be49ec5dd900d3538  git-2.30.9-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
dda7e54cfdf69ca2c3d8cd61acf1a3a1  git-2.30.9-x86_64-1_slack14.0.txz

Slackware 14.1 package:
a4c85311846930cad10e92dc6656d9d8  git-2.30.9-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
5f2befca889ab9993b68f786e1a1fa17  git-2.30.9-x86_64-1_slack14.1.txz

Slackware 14.2 package:
c8c8e0416df849d1f7ace4ecde4e713f  git-2.30.9-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
00385fe0266b339bfb22dcf0fc9d47fe  git-2.30.9-x86_64-1_slack14.2.txz

Slackware 15.0 package:
edeba2d3e155ad2967d3218699b28a1a  git-2.35.8-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
42dd13102e53512a908f7b90299f3e23  git-2.35.8-x86_64-1_slack15.0.txz

Slackware -current package:
38e58cfeb07297f9a036df089da7eb1c  d/git-2.40.1-i586-1.txz

Slackware x86_64 -current package:
8be73442722be6a033e9d833081f10e6  d/git-2.40.1-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg git-2.35.8-i586-1_slack15.0.txz


+-----+

Slackware: 2023-115-01: git Security Update

April 25, 2023
New git packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/git-2.35.8-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: By feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). When Git is compiled with runtime prefix support and runs without translated messages, it still used the gettext machinery to display messages, which subsequently potentially looked for translated messages in unexpected places. This allowed for malicious placement of crafted messages. When renaming or deleting a section from a configuration file, certain malicious configuration values may be misinterpreted as the beginning of a new configuration section, leading to arbitrary configuration injection. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-25652 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://www.cve.org/CVERecord?id=CVE-2023-29007 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.30.9-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.30.9-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.30.9-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.30.9-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.30.9-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/git-2.30.9-x86_64-1_slack14.2.txz
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/git-2.35.8-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/git-2.35.8-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: 21ab1e35e801ed6be49ec5dd900d3538 git-2.30.9-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: dda7e54cfdf69ca2c3d8cd61acf1a3a1 git-2.30.9-x86_64-1_slack14.0.txz
Slackware 14.1 package: a4c85311846930cad10e92dc6656d9d8 git-2.30.9-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 5f2befca889ab9993b68f786e1a1fa17 git-2.30.9-x86_64-1_slack14.1.txz
Slackware 14.2 package: c8c8e0416df849d1f7ace4ecde4e713f git-2.30.9-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 00385fe0266b339bfb22dcf0fc9d47fe git-2.30.9-x86_64-1_slack14.2.txz
Slackware 15.0 package: edeba2d3e155ad2967d3218699b28a1a git-2.35.8-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 42dd13102e53512a908f7b90299f3e23 git-2.35.8-x86_64-1_slack15.0.txz
Slackware -current package: 38e58cfeb07297f9a036df089da7eb1c d/git-2.40.1-i586-1.txz
Slackware x86_64 -current package: 8be73442722be6a033e9d833081f10e6 d/git-2.40.1-x86_64-1.txz

Severity
[slackware-security] git (SSA:2023-115-01)
New git packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg git-2.35.8-i586-1_slack15.0.txz

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo