git-2.39.1-1.el9
Errata ID: AXSA:2023-5623:05
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):
* git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765)
* git: Bypass of safe.directory protections (CVE-2022-29187)
* git: exposure of sensitive information to a malicious actor (CVE-2022-39253)
* git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2022-24765
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-git are vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
CVE-2022-29187
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
CVE-2022-39253
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.
CVE-2022-39260
Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.
Update packages.
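Before and after updating, an administrator usually wants to know which of the CVEs above a given Git build still lacks a fix for, and whether a repository about to be cloned locally carries the symlink-in-objects vector of CVE-2022-39253. The Python below is an added example, not part of this errata or of Git itself; it uses only the per-branch fixed versions quoted in the CVE text (CVE-2022-24765 names only a Git for Windows release, so it is not tracked), and the sample repository in the usage is constructed for the check.

```python
"""Added example (not from the errata or from Git): version check against the
per-branch fixed releases quoted above, plus a symlink scan of $GIT_DIR/objects."""
import os
import re
import subprocess

# Fixed versions exactly as quoted in the advisory text for each CVE.
FIXED = {
    "CVE-2022-29187": ["2.30.5", "2.31.4", "2.32.3", "2.33.4", "2.34.4", "2.35.4", "2.36.2", "2.37.1"],
    "CVE-2022-39253": ["2.30.6", "2.31.5", "2.32.4", "2.33.5", "2.34.5", "2.35.5", "2.36.3", "2.37.4"],
    "CVE-2022-39260": ["2.30.6", "2.31.5", "2.32.4", "2.33.5", "2.34.5", "2.35.5", "2.36.3", "2.37.4"],
}

def parse_version(text):
    """'git version 2.39.1' or '2.39.1' -> (2, 39, 1)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x or 0) for x in m.groups())

def is_patched(installed, fixed_versions):
    """Patched if at or above the fix on its own maintenance branch (x.y),
    or on a branch newer than every branch that received a backport."""
    inst = parse_version(installed)
    fixes = sorted(parse_version(v) for v in fixed_versions)
    for fix in fixes:
        if inst[:2] == fix[:2]:
            return inst >= fix
    return inst[:2] > fixes[-1][:2]

def unpatched_cves(installed, fixed=FIXED):
    """CVE ids from this advisory whose fix the given version lacks."""
    return sorted(cve for cve, vs in fixed.items() if not is_patched(installed, vs))

def objects_symlinks(git_dir):
    """Symlinks anywhere under <git_dir>/objects. Git never creates these
    itself, so any hit means: do not clone this repository with --local."""
    hits = []
    for root, dirs, files in os.walk(os.path.join(git_dir, "objects")):
        for name in dirs + files:  # followlinks=False: linked dirs are listed, not entered
            path = os.path.join(root, name)
            if os.path.islink(path):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    out = subprocess.run(["git", "--version"], capture_output=True, text=True, check=True).stdout
    print(out.strip(), "missing fixes for:", unpatched_cves(out) or "none")
```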
N/A
SRPMS
- git-2.39.1-1.el9.src.rpm
MD5: b638b6298a02d34a10c18a7389805ca9
SHA-256: 7016754ff2764c157e09bf9868d82e88475b8d9d3a19bc0242f977aa26eaaf40
Size: 6.87 MB
Asianux Server 9 for x86_64
- git-2.39.1-1.el9.x86_64.rpm
MD5: c3f732b7bf990f2bda715835b9c48e43
SHA-256: efc0ccc342f154d397609fba1c443d0fe8cbbd0a81236a2355e926a86e631cf7
Size: 62.10 kB
- git-all-2.39.1-1.el9.noarch.rpm
MD5: 86a1289f967c9b43a054619a3b29a3ab
SHA-256: ee9ebbf05b086a3a3abe00922934d44bf7e86f4f6a5bba64dc12a3de3b5fa004
Size: 8.54 kB
- git-core-2.39.1-1.el9.x86_64.rpm
MD5: 830cdcaf78931d59b4267b0774ebddc7
SHA-256: 71931686dd62ca5c59740bfc8f09df27d173a7fce596397e47f0ce9c0cad0e4d
Size: 4.19 MB
- git-core-doc-2.39.1-1.el9.noarch.rpm
MD5: e0b769b3095cbd4c9b08d49623db8c4a
SHA-256: 065daf6d37406e2e31f11e4b29e7b4ea3087aeafb4229fac75aec57b6d9e275e
Size: 2.58 MB
- git-credential-libsecret-2.39.1-1.el9.x86_64.rpm
MD5: 2da98ae9caa209ae9f3b7de3028b62cf
SHA-256: df85380882ccfaa138ad2928b2a9a5ca94b7c7fae54725435db823565441e3bd
Size: 14.79 kB
- git-daemon-2.39.1-1.el9.x86_64.rpm
MD5: f6fd623ab4dd57e1a87d0d480def36bd
SHA-256: 65052fc744aa39a4e5536cf75be5af0d89a207db5701f6492a9c8578307a53cb
Size: 313.55 kB
- git-email-2.39.1-1.el9.noarch.rpm
MD5: 36f2973043bd68cf6ae7924cd13be47b
SHA-256: c903ed64ec24c7f7f38c2d674a790a7b4a8c8560d9e29e4c875356bcd4b72e9e
Size: 53.73 kB
- git-gui-2.39.1-1.el9.noarch.rpm
MD5: 82338fb1304cdcccf917803eed30633a
SHA-256: 94565c2ebf5858d15c75c0442c050bbbf471654e1754c789a728460ce01d5fc4
Size: 243.46 kB
- git-instaweb-2.39.1-1.el9.noarch.rpm
MD5: 5fed4ead87eb698af1afb20bf100e5a5
SHA-256: 8ce3047a6c5d1ec7fc1c72e8dff78f3463dc9dec246dda98d7465d6590a063d2
Size: 25.94 kB
- gitk-2.39.1-1.el9.noarch.rpm
MD5: a33cd9650fc37acbc73bc804f9c714fb
SHA-256: d61746d6d202f31d93336064b7e6f64c4fb5bae62b52869729d0c3123f68a2a6
Size: 157.68 kB
- git-subtree-2.39.1-1.el9.x86_64.rpm
MD5: ffd96afc9aa8de484e097247e4b71b62
SHA-256: 343e944300db1176a3f8c1efe92be90586ca73e7afd485e6119a456bf482ee21
Size: 35.04 kB
- git-svn-2.39.1-1.el9.noarch.rpm
MD5: 329a9bfbe039cf5a2d63fd863923cb3d
SHA-256: 732287f01dd2f58a14877271a7d00c699b74b6480b89bcffd0c7b6fdeae85dab
Size: 70.29 kB
- gitweb-2.39.1-1.el9.noarch.rpm
MD5: 0cc0df3154b146fca6b38106d009fc42
SHA-256: 7ff4c067961f6543dd7353bbb6b1418dcbd12ed3eb5b66b0f049538a53f206bd
Size: 143.94 kB
- perl-Git-2.39.1-1.el9.noarch.rpm
MD5: 1dd3fe4810464765800a1ab2cc225d01
SHA-256: cfd816a714678b2089f1a53930a72f9a1ab9b3054f1d140400102301f5cde044
Size: 38.11 kB
- perl-Git-SVN-2.39.1-1.el9.noarch.rpm
MD5: 3b47c56efd48b0fbdbfd0ce512056fa9
SHA-256: 556a69e010de215decf3ab85e55da847e473c54374b4839300ff09c168af7051
Size: 52.72 kB