USN-6050-1: Git vulnerabilities

Releases

• Ubuntu 23.04
• Ubuntu 22.10
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM

Packages

• git - fast, scalable, distributed revision control system

Details

It was discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to overwriting some paths.
(CVE-2023-25652)

Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly
handled some gettext machinery. An attacker could possibly use this issue
to allows the malicious placement of crafted messages. (CVE-2023-25815)

André Baptista and Vítor Pinho discovered that Git incorrectly handled
certain configurations. An attacker could possibly use this issue
to arbitrary configuration injection. (CVE-2023-29007)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04

• git - 1:2.39.2-1ubuntu1.1

Ubuntu 22.10

• git - 1:2.37.2-1ubuntu1.5

Ubuntu 22.04

• git - 1:2.34.1-1ubuntu1.9

Ubuntu 20.04

• git - 1:2.25.1-1ubuntu3.11

Ubuntu 18.04

• git - 1:2.17.1-1ubuntu0.18

In general, a standard system update will make all the necessary changes.

References

• CVE-2023-25815
• CVE-2023-29007
• CVE-2023-25652

Related notices

• USN-7023-1: git-gui, gitk, git-doc, git-core, git-email, git, git-cvs, git-daemon-sysvinit, git-svn, git-man, git-mediawiki, git-el, git-all, git-arch, git-daemon-run, gitweb
• USN-6050-2: git-gui, gitk, git-doc, git-core, git-email, git, git-cvs, git-daemon-sysvinit, git-svn, git-man, git-mediawiki, git-el, git-all, git-arch, git-daemon-run, gitweb