Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 20.04 LTS: USN-5810-2 Critical Git Regression Risk

ubuntu
Calendar Grey January 19, 2023
Dist Ubuntu Esm H88
Discover the recent Git regression problem within Ubuntu, focusing on patches and suggested steps to alleviate potential vulnerabilities.
USN-5810-1 introduced a regression in Git.

Summary

USN-5810-1 introduced a regression in Git.

Software Description:

- git: fast, scalable, distributed revision control system

Details:

USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it

was missing some commit lines. This update fixes the problem.

Original advisory details:

Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain

gitattributes. An attacker could possibly use this issue to cause a crash

or execute arbitrary code. (CVE-2022-23521)

Joern Schneeweisz discovered that Git incorrectly handled certain commands.

An attacker could possibly use this issue to cause a crash or execute

arbitrary code. (CVE-2022-41903)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  git                             1:2.25.1-1ubuntu3.8

Ubuntu 18.04 LTS:
  git                             1:2.17.1-1ubuntu0.15

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5810-2

https://ubuntu.com/security/notices/USN-5810-1

https://bugs.launchpad.net/ubuntu/+source/git/+bug/2003246

Severity
critical
Lowest
Low
Medium
High
Critical

January 19, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here