git-2.43.5-3.el8_10
エラータID: AXSA:2025-9978:03
リリース日:
2025/06/04 Wednesday - 16:20
題名:
git-2.43.5-3.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Git には、サイドバンドチャンネルを用いてサーバーからクライアント
の標準エラー出力に対しサニタイズされていない出力を許容してしまう
問題があるため、リモートの攻撃者により、細工された応答を介して、
任意の端末制御文字の実行を可能とする脆弱性が存在します。
(CVE-2024-52005)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-52005
Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.
Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.
追加情報:
N/A
ダウンロード:
SRPMS
- git-2.43.5-3.el8_10.src.rpm
MD5: 0787597016efe86b127cf872dc5c0c24
SHA-256: e75e6938487ae52642eccc0d3467e8a0b4d145e43558100637b0e4abfe95bec7
Size: 7.15 MB
Asianux Server 8 for x86_64
- git-2.43.5-3.el8_10.x86_64.rpm
MD5: 4bba5cd4f5a2b70e643c8624b6e06f93
SHA-256: eb84f4dfdd2c6d6412d4e4db54f09b4cb383b01169fa1f3a6a598d4b51d0a881
Size: 91.43 kB - git-all-2.43.5-3.el8_10.noarch.rpm
MD5: 095b619f37f93be4de99d7fc592a424f
SHA-256: 72bc1996e745d07820203eb96e13e47448202b32d5bc3735138cb687fb46b1c6
Size: 48.25 kB - git-core-2.43.5-3.el8_10.x86_64.rpm
MD5: e13522d3a4e4d676dadbfe8154ea344a
SHA-256: 40a355b0c029f87c16f538be34fecbdfaba08048fbb7815e945dfb41bc29b2d9
Size: 11.09 MB - git-core-doc-2.43.5-3.el8_10.noarch.rpm
MD5: 4da5b92ee0dd8c4e184c291f79387a6f
SHA-256: 3998463ebce04d79d8239573dbd9cff4b3c9260b597986912db545a731f48e7c
Size: 3.06 MB - git-credential-libsecret-2.43.5-3.el8_10.x86_64.rpm
MD5: 280866554711a7321b929f0f5a68cc8e
SHA-256: 7e989b01449fd12536694d7f01aaa41908f66c6e6fda2ed40776fd89561b5470
Size: 55.29 kB - git-daemon-2.43.5-3.el8_10.x86_64.rpm
MD5: 7da2baab0110f932534869a211a5a8d9
SHA-256: c2f7d8f1022621d2b4ebbc2f419ef0fe80798e901ef3b8961df80deead0fcac6
Size: 1.05 MB - git-email-2.43.5-3.el8_10.noarch.rpm
MD5: 61cda590361f61a190b0c2eb1ea4d39e
SHA-256: ff25c63bbc77d6e4a0aec2b7c84fe9731ff20a2e4645496f6298638d3737dd00
Size: 93.39 kB - git-gui-2.43.5-3.el8_10.noarch.rpm
MD5: ef40933e9c1c4847727089a3f52c3d4c
SHA-256: c065ab2bf64a98d9a3029cd5cb68798623fc736395592b15892cf143b9aa0cf6
Size: 305.92 kB - git-instaweb-2.43.5-3.el8_10.noarch.rpm
MD5: 79ab8a5c75e9a58d6e1147acd704bfaa
SHA-256: 20386e98b75c4491dc591d808be9094f0d2a942570cfd38ff16569a3a56a6038
Size: 63.15 kB - gitk-2.43.5-3.el8_10.noarch.rpm
MD5: 382446d2e47d09be1fa43dc2d2b59f73
SHA-256: 8ea2534178dd973c4954c94811d4d83cc10cf69da15ddb540cecc10e84b6fde5
Size: 208.97 kB - git-subtree-2.43.5-3.el8_10.x86_64.rpm
MD5: 099599868d98d43b7c18ade95aa81bc3
SHA-256: 04152f9980bd2dda721692ff164a7b8e15a58ce52e5f44f10003c9a16323ce91
Size: 72.85 kB - git-svn-2.43.5-3.el8_10.noarch.rpm
MD5: 4c6dc661a393653a7fda28a287228fe1
SHA-256: 89fef3cc1ed1e0b7d8dc3cce8e50101b6b0adca0788e4e7cfcbfe8900f323302
Size: 110.58 kB - gitweb-2.43.5-3.el8_10.noarch.rpm
MD5: b42ed96872c209a6242011c96dafcf3d
SHA-256: a2ad35b6126bfbbcf25ead3c8c0919bc263ed50fed5f4da957af98258c9462d6
Size: 189.96 kB - perl-Git-2.43.5-3.el8_10.noarch.rpm
MD5: d267f5916c53359936fd3171e410e35c
SHA-256: 91783570c32e6c2e099c3ead290b867cafbcccd6ded5b67fb48568696101d6a2
Size: 78.02 kB - perl-Git-SVN-2.43.5-3.el8_10.noarch.rpm
MD5: 5e2647aa71a0e56ff7e3eb9b2026b870
SHA-256: 787540d9f3d78e373ac636c247d5771138404d5a08af36677e06b240c33d2522
Size: 94.74 kB