git-1.8.3.1-24.el7
エラータID: AXSA:2023-5173:03
リリース日:
2023/02/28 Tuesday - 10:10
題名:
git-1.8.3.1-24.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Git には、整数オーバーフローに起因するメモリ領域の範囲外読み
取りおよび書き込みの問題があるため、リモートの攻撃者により、
コミット履歴の一部となるように細工された .gitattributes ファイル
を介して、任意のコード実行を可能とする脆弱性が存在します。
(CVE-2022-23521)
- Git の pretty.c の format_and_pad_commit() 関数には、整数オーバー
フローに起因するメモリ領域の範囲外書き込みの問題があるため、
リモートの攻撃者により、細工された export-subst 属性を設定した
環境下での git archive コマンドの実行を介して、任意のコード実行
を可能とする脆弱性が存在します。(CVE-2022-41903)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-23521
Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.
Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-41903
Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.
Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.
追加情報:
N/A
ダウンロード:
SRPMS
- git-1.8.3.1-24.el7.src.rpm
MD5: 17af660181e2ee206116d10530a57bee
SHA-256: 56077e242486f5354d7b1a61d9eb9e65ec51a5337a5a3b326492b0586cc504ca
Size: 4.39 MB
Asianux Server 7 for x86_64
- git-1.8.3.1-24.el7.x86_64.rpm
MD5: ca559b3df966a1ce4042b4e66e748c1f
SHA-256: d45834989fce82670580e9946f7821c6c6fc5fb5de5b69b22baac6098451d4b3
Size: 4.40 MB - perl-Git-1.8.3.1-24.el7.noarch.rpm
MD5: fd908b28e3bdbd32a21a6f0c5b3bb597
SHA-256: 2ae049c6eb7a4889d470d83c30bf53c094781e1e493a795822991a710e18aeaa
Size: 55.05 kB
English