Important: git
Issue Overview: An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory, resulting in a possible denial of service. Affected Packages: git Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this...
CVE-2024-32020
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...
CVE-2024-32004
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1,...
Important: git
Issue Overview: An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory, resulting in a possible denial of service. Affected Packages: git Issue Correction: Run dnf update git --releasever 2023.4.20240429 to update your...
SUSE-SU-2023:2038-2 Security update for git
This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree bsc1210686. - CVE-2023-25815: Fixed malicious placement of crafted message bsc1210686. - CVE-2023-29007: Fixed arbitrary configuration injection bsc1210686...
SUSE-SU-2023:2038-1 Security update for git
This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree bsc1210686. - CVE-2023-25815: Fixed malicious placement of crafted message bsc1210686. - CVE-2023-29007: Fixed arbitrary configuration injection bsc1210686...
MGASA-2023-0097 Updated ruby-git packages fix security vulnerability
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. CVE-2022-46648, CVE-2022-47318...
Important: git
Issue Overview: A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwri...
SUSE-SU-2023:0430-1 Security update for git
This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport bsc1208027. - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply'...
Path traversal
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A...
DLA-3303-1 ruby-git - security update
Bulletin has no description...
SUSE-SU-2023:0110-1 Security update for git
This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands bsc1207033. - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file bsc1207032...
SUSE-SU-2023:0108-1 Security update for git
This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands bsc1207033. - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file bsc1207032...
[SECURITY] [DLA 3239-1] git security update
Debian LTS Advisory DLA-3239-1 https://www.debian.org/lts/security/ Sylvain Beucler December 13, 2022 https://wiki.debian.org/LTS -...
OESA-2022-2029 git security update
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...
SUSE-SU-2022:2535-1 Security update for git
This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree bsc1201431. - Allow to opt-out from the check added in the security fix for CVE-2022-24765 bsc1200119...
Design/Logic Flaw
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 is vulnerable to privilege escalation on all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when...
U.S. Dept Of Defense: .git folder exposed [HtUS]
Hey there, I have found an exposed .git folder on https://█████ https://████████/.git/config core repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true remote "origin" url = https://████ fetch = +refs/heads/:refs/remotes/origin/ Using gitdumper...
SUSE-SU-2022:1306-1 Security update for git
This update for git fixes the following issues: - CVE-2022-24765: Fixed a potential command injection via git worktree bsc1198234...
CVE-2022-24975
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by...