USN-7023-1

Source
https://ubuntu.com/security/notices/USN-7023-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7023-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7023-1
Published
2024-09-19T03:56:46.872736Z
Modified
2024-09-19T03:56:46.872736Z
Summary
git vulnerabilities
Details

Maxime Escourbiac and Yassine Bengana discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allow the malicious placement of crafted messages. This issue was fixed in Ubuntu 16.04 LTS. (CVE-2023-25815)

It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32002)

It was discovered that Git incorrectly handled certain cloned repositories. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32004, CVE-2024-32465)

It was discovered that Git incorrectly handled local clones with hardlinked files/directories. An attacker could possibly use this issue to place a specialized repository on their target’s local system. This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32020)

It was discovered that Git incorrectly handled certain symlinks. An attacker could possibly use this issue to impact availability and integrity by hardlinking arbitrary files into the user's repository objects/ directory. This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32021)

Affected packages

Ubuntu:Pro:16.04:LTS / git

Package

Name
git
Purl
pkg:deb/ubuntu/git@1:2.7.4-0ubuntu1.10+esm8?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:2.7.4-0ubuntu1.10+esm8

Affected versions

1:2.*

1:2.5.0-1
1:2.6.2-1
1:2.6.3-1
1:2.6.4-1
1:2.7.0~rc3-1
1:2.7.0-1
1:2.7.3-0ubuntu1
1:2.7.4-0ubuntu1
1:2.7.4-0ubuntu1.1
1:2.7.4-0ubuntu1.2
1:2.7.4-0ubuntu1.3
1:2.7.4-0ubuntu1.4
1:2.7.4-0ubuntu1.5
1:2.7.4-0ubuntu1.6
1:2.7.4-0ubuntu1.7
1:2.7.4-0ubuntu1.8
1:2.7.4-0ubuntu1.9
1:2.7.4-0ubuntu1.10
1:2.7.4-0ubuntu1.10+esm1
1:2.7.4-0ubuntu1.10+esm3
1:2.7.4-0ubuntu1.10+esm4
1:2.7.4-0ubuntu1.10+esm5
1:2.7.4-0ubuntu1.10+esm6
1:2.7.4-0ubuntu1.10+esm7

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "git-core": "1:2.7.4-0ubuntu1.10+esm8",
            "git-daemon-run": "1:2.7.4-0ubuntu1.10+esm8",
            "git-email": "1:2.7.4-0ubuntu1.10+esm8",
            "git-mediawiki": "1:2.7.4-0ubuntu1.10+esm8",
            "git": "1:2.7.4-0ubuntu1.10+esm8",
            "git-el": "1:2.7.4-0ubuntu1.10+esm8",
            "git-cvs": "1:2.7.4-0ubuntu1.10+esm8",
            "git-doc": "1:2.7.4-0ubuntu1.10+esm8",
            "gitk": "1:2.7.4-0ubuntu1.10+esm8",
            "git-arch": "1:2.7.4-0ubuntu1.10+esm8",
            "git-daemon-sysvinit": "1:2.7.4-0ubuntu1.10+esm8",
            "git-svn": "1:2.7.4-0ubuntu1.10+esm8",
            "git-gui": "1:2.7.4-0ubuntu1.10+esm8",
            "git-man": "1:2.7.4-0ubuntu1.10+esm8",
            "gitweb": "1:2.7.4-0ubuntu1.10+esm8",
            "git-all": "1:2.7.4-0ubuntu1.10+esm8"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / git

Package

Name
git
Purl
pkg:deb/ubuntu/git@1:2.17.1-1ubuntu0.18+esm1?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:2.17.1-1ubuntu0.18+esm1

Affected versions

1:2.*

1:2.14.1-1ubuntu4
1:2.15.1-1ubuntu2
1:2.17.0-1ubuntu1
1:2.17.1-1ubuntu0.1
1:2.17.1-1ubuntu0.3
1:2.17.1-1ubuntu0.4
1:2.17.1-1ubuntu0.5
1:2.17.1-1ubuntu0.6
1:2.17.1-1ubuntu0.7
1:2.17.1-1ubuntu0.8
1:2.17.1-1ubuntu0.9
1:2.17.1-1ubuntu0.10
1:2.17.1-1ubuntu0.11
1:2.17.1-1ubuntu0.12
1:2.17.1-1ubuntu0.13
1:2.17.1-1ubuntu0.14
1:2.17.1-1ubuntu0.15
1:2.17.1-1ubuntu0.16
1:2.17.1-1ubuntu0.17
1:2.17.1-1ubuntu0.18

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "git-daemon-run": "1:2.17.1-1ubuntu0.18+esm1",
            "git-email": "1:2.17.1-1ubuntu0.18+esm1",
            "git-mediawiki": "1:2.17.1-1ubuntu0.18+esm1",
            "git": "1:2.17.1-1ubuntu0.18+esm1",
            "git-el": "1:2.17.1-1ubuntu0.18+esm1",
            "git-cvs": "1:2.17.1-1ubuntu0.18+esm1",
            "git-doc": "1:2.17.1-1ubuntu0.18+esm1",
            "gitk": "1:2.17.1-1ubuntu0.18+esm1",
            "git-dbgsym": "1:2.17.1-1ubuntu0.18+esm1",
            "git-daemon-sysvinit": "1:2.17.1-1ubuntu0.18+esm1",
            "git-svn": "1:2.17.1-1ubuntu0.18+esm1",
            "git-gui": "1:2.17.1-1ubuntu0.18+esm1",
            "git-man": "1:2.17.1-1ubuntu0.18+esm1",
            "gitweb": "1:2.17.1-1ubuntu0.18+esm1",
            "git-all": "1:2.17.1-1ubuntu0.18+esm1"
        }
    ]
}