git-2.39.3-1.el9
エラータID: AXSA:2023-5963:09
リリース日:
2023/06/09 Friday - 09:52
題名:
git-2.39.3-1.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Git には、リンクの解釈が不適切な問題があるため、ローカルの攻撃者
により、巧妙に細工されたリポジトリを介して、データの引き出しを
可能とする脆弱性が存在します。(CVE-2023-22490)
- Git の git apply コマンドには、パストラバーサルの問題があるため、
リモートの攻撃者により、細工された入力を介して、作業ツリーの
外部にあるファイルの上書きを可能とする脆弱性が存在します。
(CVE-2023-23946)
- Git の git apply --reject コマンドには、リモートの攻撃者により、
巧妙に細工されたパッチを介して、作業ツリーの外部にあるファイル
の上書きを可能とする脆弱性が存在します。(CVE-2023-25652)
- Git には、ローカルの攻撃者により、細工されたメッセージファイル
を介して、不正なメッセージの表示を可能とする脆弱性が存在します。
(CVE-2023-25815)
- Git の config.c の git_config_copy_or_rename_section_in_file() 関数には、
config ファイルのセクションを削除する際にユーザーの $GIT_DIR_config
ファイルに任意の設定を挿入できてしまう問題があるため、ローカルの
攻撃者により、1024 文字を超えるサブモジュールの URL を含むように
巧妙に細工した .gitmodules ファイルを介して、任意のコードの実行を
可能とする脆弱性が存在します。(CVE-2023-29007)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-22490
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs.
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs.
CVE-2023-23946
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.
CVE-2023-25652
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.
CVE-2023-25815
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`.
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`.
CVE-2023-29007
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
追加情報:
N/A
ダウンロード:
SRPMS
- git-2.39.3-1.el9.src.rpm
MD5: 925192c88d2f757a0b35cbe065176cec
SHA-256: c7ceff10a8142659a586f45534400d1016ab37737f9034ed4554fd1032ce8631
Size: 6.88 MB
Asianux Server 9 for x86_64
- git-2.39.3-1.el9.x86_64.rpm
MD5: 83ffc16eb6585548d9a55020740d4658
SHA-256: d9ff68510f6b7a765876eabfec8c34a385b18dfd7727954fdcd79b455d7c9e42
Size: 61.04 kB - git-all-2.39.3-1.el9.noarch.rpm
MD5: 722b31c5c463509e8db3946de1bb5d87
SHA-256: a85e77133dc7ccaf27c7ad2289f241468ac593d6d59b6d2118002915da895d90
Size: 7.50 kB - git-core-2.39.3-1.el9.x86_64.rpm
MD5: 9f57c40c0f609832fbe3f46d2d07151d
SHA-256: ea5ae9588262e6e0423d435a3ad9e27bc487326b862d25905a1a2e3749743682
Size: 4.23 MB - git-core-doc-2.39.3-1.el9.noarch.rpm
MD5: 2f65910087d8adca6716d544fff53942
SHA-256: 6f2c4d85bf232a090e76a6cda0d14ed07dd81965ce35b0b111836621b84d6945
Size: 2.59 MB - git-credential-libsecret-2.39.3-1.el9.x86_64.rpm
MD5: a81e85c46d50b9103af7d036978a11d7
SHA-256: 67915e2843370c415b05aa1d2582bac9389199e5b8ca95684a4f3c598a9eda5e
Size: 13.77 kB - git-daemon-2.39.3-1.el9.x86_64.rpm
MD5: 048b3feca67fc402046cda281b458c90
SHA-256: 7e687e3922d5329704e7f0eca11885a80c7e249909075748785fc7ca4887304b
Size: 315.01 kB - git-email-2.39.3-1.el9.noarch.rpm
MD5: 0e50fddc3fb82fa8fac0100a01522712
SHA-256: 7a288f3d6c0d6b179c030a26b2abd3128e1cf8379f6d88a3faa79b1974c29781
Size: 52.70 kB - git-gui-2.39.3-1.el9.noarch.rpm
MD5: fe28a3b6d40c73f5e99b09aa443c17d6
SHA-256: 9d7b6b690f75bb6565ee1cd1f535227ba0764bcab755df3aeb33ea72e0f34755
Size: 242.37 kB - git-instaweb-2.39.3-1.el9.noarch.rpm
MD5: 1ea414c208ce6511d24629f534e07c8e
SHA-256: 49ddfcbb8ed96d21d1872aad45b2e6fbef480548e9c4a8f867aaf2d4368aad41
Size: 24.90 kB - gitk-2.39.3-1.el9.noarch.rpm
MD5: 100b2bcbdeaf20c1246440423e006e56
SHA-256: 708e3780139dd54db42307f4d326d84c3fc58dabdd1882a4b2439b5d702d27d2
Size: 156.66 kB - git-subtree-2.39.3-1.el9.x86_64.rpm
MD5: b844e88c627916b9b3df47ccfbd1a4d7
SHA-256: 1d80958e3a5890d430c7fcd4da7ffbbfa05c827f535bb6559931b83ebbc7846d
Size: 34.01 kB - git-svn-2.39.3-1.el9.noarch.rpm
MD5: 496d577b5ccf8742043834eaa3cfab71
SHA-256: 8005051a962eee738ff648f283ffe86d66ea6b4224eaaaeec773626866b8c977
Size: 69.26 kB - gitweb-2.39.3-1.el9.noarch.rpm
MD5: db5059fd1909506e8751f8e71dca2aec
SHA-256: 60ff00425837be659bc1309d3ea72ada9164347744b3b51662310d3c11285505
Size: 142.89 kB - perl-Git-2.39.3-1.el9.noarch.rpm
MD5: 3d3c5cf7211af4fa2a23798aad287de6
SHA-256: 4b132de025f7ed13e59337417d46fd4b85cb4d3ebe9410327c869b3cdb4b706b
Size: 37.08 kB - perl-Git-SVN-2.39.3-1.el9.noarch.rpm
MD5: 6b12731ab4822e7c75733a702358ce17
SHA-256: dcc24a113962985ba8ae98726f19ceeb02613021dbbda9e156d820704b2948ed
Size: 51.68 kB
English