Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

Ubuntu 24.04 LTS go-git Critical Security Flaws USN-8088-1

ubuntu
Calendar Grey March 12, 2026
Dist Ubuntu Esm H88
Critical updates released for go-git in Ubuntu to address several security vulnerabilities impacting system integrity.
Several security issues were fixed in go-git.

Summary

Several security issues were fixed in go-git.

Software Description:

- golang-github-go-git-go-git: A highly extensible Git implementation in pure Go

Details:

Ionut Lalu discovered that go-git incorrectly handled certain specially

crafted Git server responses. An attacker could possibly use this issue to

cause a denial of service. (CVE-2023-49568, CVE-2025-21614)

Ionut Lalu discovered that go-git incorrectly handled file system paths

when using the ChrootOS implementation. A remote attacker could possibly

use this issue to perform a path traversal and create or modify arbitrary

files, leading to remote code execution. (CVE-2023-49569)

It was discovered that go-git did not properly sanitize arguments when

invoking git-upload-pack using the file transport protocol. An attacker

could possibly use this issue to inject arbitrary flag values when

interacting with local Git repositories. (CVE-2025-21613)

It was discovered that go-git did not properly verify integrity checks for

pack ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  go-git                          5.4.2-4ubuntu0.24.04.3+esm2
                                  Available with Ubuntu Pro
  golang-github-go-git-go-git-dev  5.4.2-4ubuntu0.24.04.3+esm2
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  go-git                          5.4.2-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  golang-github-go-git-go-git-dev  5.4.2-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8088-1

CVE-2023-49568, CVE-2023-49569, CVE-2025-21613, CVE-2025-21614,

CVE-2026-25934

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8088-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here