CLSA-2023-1677096675

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2023-1677096675

Upstream

CVE-2021-23521

CVE-2021-40330

CVE-2022-39260

CVE-2022-41903

CVE-2023-23946

Published

2023-02-22T20:11:15Z

Modified

2026-06-04T10:03:38.164606622Z

Summary

Fix of 5 CVEs

Details

SECURITY UPDATE: out-of-bounds write caused by integer overflow
- debian/patches/CVE-2022-41903.patch: use 'size_t' instead of 'int' to track the string lengths and so allow >2GB input sizes.
- CVE-2022-41903
- t-mark-submodule-clean-test-as-known-failure.patch: mark submodule clean test as known failure and so pass 'make test'.
SECURITY UPDATE: possible cross-protocol requests
- debian/patches/CVE-2021-40330.patch: forbid newlines in host and path.
- CVE-2021-40330
SECURITY UPDATE: out-of-bounds write and possible RCE caused by integer overflow
- debian/patches/CVE-2022-39260.patch: reject too long command line strings in split_cmdline().
- CVE-2022-39260
SECURITY UPDATE: out-of-bounds write when reading an unreasonably large .gitattributes file
- debian/patches/CVE-2021-23521.patch: implement line and overall size checks for .gitattributes files.
- CVE-2021-23521
SECURITY UPDATE: possible write outside of the repository's working directory
- debian/patches/CVE-2023-23946.patch: prevent git-apply from writing behind newly created symbolic links.
- CVE-2023-23946

References

https://errata.cloudlinux.com/ubuntu16_04-els/CLSA-2023-1677096675

Affected packages

TuxCare:Ubuntu:16.04

git

Package

Name: git
Purl: pkg:deb/tuxcare/git?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

git-all

Package

Name: git-all
Purl: pkg:deb/tuxcare/git-all?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

git-arch

Package

Name: git-arch
Purl: pkg:deb/tuxcare/git-arch?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

git-core

Package

Name: git-core
Purl: pkg:deb/tuxcare/git-core?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

git-cvs

Package

Name: git-cvs
Purl: pkg:deb/tuxcare/git-cvs?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

git-daemon-run

Package

Name: git-daemon-run
Purl: pkg:deb/tuxcare/git-daemon-run?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

git-daemon-sysvinit

Package

Name: git-daemon-sysvinit
Purl: pkg:deb/tuxcare/git-daemon-sysvinit?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

git-doc

Package

Name: git-doc
Purl: pkg:deb/tuxcare/git-doc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

git-el

Package

Name: git-el
Purl: pkg:deb/tuxcare/git-el?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

git-email

Package

Name: git-email
Purl: pkg:deb/tuxcare/git-email?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

git-gui

Package

Name: git-gui
Purl: pkg:deb/tuxcare/git-gui?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

git-man

Package

Name: git-man
Purl: pkg:deb/tuxcare/git-man?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

git-mediawiki

Package

Name: git-mediawiki
Purl: pkg:deb/tuxcare/git-mediawiki?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

git-svn

Package

Name: git-svn
Purl: pkg:deb/tuxcare/git-svn?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

gitk

Package

Name: gitk
Purl: pkg:deb/tuxcare/gitk?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"

gitweb

Package

Name: gitweb
Purl: pkg:deb/tuxcare/gitweb?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1677096675.json"