Ubuntu Security Notice 5810-2 - USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
b5fab749008935221b1bf0197a160b355dbb3e8f9cdbf378963579f0d01ceb9d
==========================================================================
Ubuntu Security Notice USN-5810-2
January 19, 2023
git regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
USN-5810-1 introduced a regression in Git.
Software Description:
- git: fast, scalable, distributed revision control system
Details:
USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it
was missing some commit lines. This update fixes the problem.
Original advisory details:
Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain
gitattributes. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2022-23521)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-41903)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
git 1:2.25.1-1ubuntu3.8
Ubuntu 18.04 LTS:
git 1:2.17.1-1ubuntu0.15
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5810-2
https://ubuntu.com/security/notices/USN-5810-1
https://launchpad.net/bugs/2003246
Package Information:
https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.8
https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.15