git-1.8.3.1-25.0.1.el7.AXS7

エラータID: AXSA:2024-8721:09

Release date: 
Tuesday, August 27, 2024 - 15:22
Subject: 
git-1.8.3.1-25.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Git is a fast, scalable, distributed revision control system with an unusually
rich command set that provides both high-level operations and full access to
internals.

The git rpm installs the core tools with minimal dependencies. To install all
git packages, including tools for integrating with other SCMs, install the
git-all meta-package.

Security Fix(es):

* CVE-2024-32004: detect dubious ownership of local repositories, backport the
necessary functions

CVE(s):
CVE-2024-32004
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.

Solution: 

Update packages.

CVEs: 
CVE-2024-32004
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. git-1.8.3.1-25.0.1.el7.AXS7.x86_64.rpm
    MD5: 32769fd3ffb0941827edf5ff851ad1d6
    SHA-256: 50ec380c69504025311a1a4b769124b40c1ba435337b8afaa0fe8b09b18f96e3
    Size: 4.41 MB
  2. perl-Git-1.8.3.1-25.0.1.el7.AXS7.noarch.rpm
    MD5: 27e6d62b4fa3f4f92a70ab91b7aaf101
    SHA-256: 8a9cfbe421deda1164732ab0b90e99897c2e6ca6e56a29feae8ccb933f8df5ca
    Size: 55.83 kB