USN-7023-1

Source
https://ubuntu.com/security/notices/USN-7023-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7023-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7023-1
Related
Published
2024-09-19T03:56:46.872736Z
Modified
2024-09-19T03:56:46.872736Z
Summary
git vulnerabilities
Details

Maxime Escourbiac and Yassine Bengana discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allows the malicious placement of crafted messages. This issue was fixed in Ubuntu 16.04 LTS. (CVE-2023-25815)

It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32002)

It was discovered that Git incorrectly handled certain cloned repositories. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32004, CVE-2024-32465)

It was discovered that Git incorrectly handled local clones with hardlinked files/directories. An attacker could possibly use this issue to place a specialized repository on their target’s local system. This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32020)

It was discovered that Git incorrectly handled certain symlinks. An attacker could possibly use this issue to impact availability and integrity creating hardlinked arbitrary files into users repository’s objects/directory. This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32021)

References

Affected packages

Ubuntu:Pro:16.04:LTS / git

Package

Name
git
Purl
pkg:deb/ubuntu/git?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.7.4-0ubuntu1.10+esm8

Affected versions

1:2.*

1:2.5.0-1
1:2.6.2-1
1:2.6.3-1
1:2.6.4-1
1:2.7.0~rc3-1
1:2.7.0-1
1:2.7.3-0ubuntu1
1:2.7.4-0ubuntu1
1:2.7.4-0ubuntu1.1
1:2.7.4-0ubuntu1.2
1:2.7.4-0ubuntu1.3
1:2.7.4-0ubuntu1.4
1:2.7.4-0ubuntu1.5
1:2.7.4-0ubuntu1.6
1:2.7.4-0ubuntu1.7
1:2.7.4-0ubuntu1.8
1:2.7.4-0ubuntu1.9
1:2.7.4-0ubuntu1.10
1:2.7.4-0ubuntu1.10+esm1
1:2.7.4-0ubuntu1.10+esm3
1:2.7.4-0ubuntu1.10+esm4
1:2.7.4-0ubuntu1.10+esm5
1:2.7.4-0ubuntu1.10+esm6
1:2.7.4-0ubuntu1.10+esm7

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git-all"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git-arch"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git-core"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git-cvs"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git-daemon-run"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git-daemon-sysvinit"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git-doc"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git-el"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git-email"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git-gui"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git-man"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git-mediawiki"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "git-svn"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "gitk"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm8",
            "binary_name": "gitweb"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / git

Package

Name
git
Purl
pkg:deb/ubuntu/git?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.17.1-1ubuntu0.18+esm1

Affected versions

1:2.*

1:2.14.1-1ubuntu4
1:2.15.1-1ubuntu2
1:2.17.0-1ubuntu1
1:2.17.1-1ubuntu0.1
1:2.17.1-1ubuntu0.3
1:2.17.1-1ubuntu0.4
1:2.17.1-1ubuntu0.5
1:2.17.1-1ubuntu0.6
1:2.17.1-1ubuntu0.7
1:2.17.1-1ubuntu0.8
1:2.17.1-1ubuntu0.9
1:2.17.1-1ubuntu0.10
1:2.17.1-1ubuntu0.11
1:2.17.1-1ubuntu0.12
1:2.17.1-1ubuntu0.13
1:2.17.1-1ubuntu0.14
1:2.17.1-1ubuntu0.15
1:2.17.1-1ubuntu0.16
1:2.17.1-1ubuntu0.17
1:2.17.1-1ubuntu0.18

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "git"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "git-all"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "git-cvs"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "git-daemon-run"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "git-daemon-sysvinit"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "git-dbgsym"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "git-doc"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "git-el"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "git-email"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "git-gui"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "git-man"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "git-mediawiki"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "git-svn"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "gitk"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18+esm1",
            "binary_name": "gitweb"
        }
    ]
}