- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202312-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Git: Multiple Vulnerabilities
Date: December 27, 2023
Bugs: #838127, #857831, #877565, #891221, #894472, #905088
ID: 202312-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Several vulnerabilities have been found in Git, the worst of which could
lead to remote code execution.

Background
==========

Git is a free and open source distributed version control system
designed to handle everything from small to very large projects with
speed and efficiency.

Affected packages
=================

Package Vulnerable Unaffected
----------- ------------ ------------
dev-vcs/git < 2.39.3 >= 2.39.3

Description
===========

Multiple vulnerabilities have been discovered in Git. Please review the
CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Git users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-2.39.3"

References
==========

[ 1 ] CVE-2022-23521
https://nvd.nist.gov/vuln/detail/CVE-2022-23521
[ 2 ] CVE-2022-24765
https://nvd.nist.gov/vuln/detail/CVE-2022-24765
[ 3 ] CVE-2022-29187
https://nvd.nist.gov/vuln/detail/CVE-2022-29187
[ 4 ] CVE-2022-39253
https://nvd.nist.gov/vuln/detail/CVE-2022-39253
[ 5 ] CVE-2022-39260
https://nvd.nist.gov/vuln/detail/CVE-2022-39260
[ 6 ] CVE-2022-41903
https://nvd.nist.gov/vuln/detail/CVE-2022-41903
[ 7 ] CVE-2023-22490
https://nvd.nist.gov/vuln/detail/CVE-2023-22490
[ 8 ] CVE-2023-23946
https://nvd.nist.gov/vuln/detail/CVE-2023-23946
[ 9 ] CVE-2023-25652
https://nvd.nist.gov/vuln/detail/CVE-2023-25652
[ 10 ] CVE-2023-25815
https://nvd.nist.gov/vuln/detail/CVE-2023-25815
[ 11 ] CVE-2023-29007
https://nvd.nist.gov/vuln/detail/CVE-2023-29007

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202312-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmWL1vgACgkQFMQkOaVy +9nMYRAAzpFI6JLRxirvcpuw9af09jI2LajQ67Ivd6EAl6vb6/0obZXv7Wl2adY3 HSxZLbeLY+6FDA8hu0Vov+8uc8RK9r7lH/XbGl9Q6vHi+bzG0AVEhY3cQI5TO33d 2kdawE67yA7EaCvznJmenkdgSbDUKOAP4cWneZSNcs3y4Rt2NAlwxA/45BSQjqGT 3XitzBYKejwenlTfaikfQfRhHb6meQ7NNaxoutoReogaqAvm+kurlpgGKJqMOq12 lDmBCJ7e14pZE8NRGTHseOGLcKqwtgp8OqxD4RcmGAZh2WVZro6QA49PRPk99A3Z 6IrfJtf8EEjoGVwMVjxO7RD02R02OUNmSxf2L1NiERARXhOpywMsC+r5h9ylkBpF QqpgTklRHbGM/JbzrDfEF5h499eLeILMngk6ARcMXnfky8CGd4IYZfkV9ONW5npo XVsCY8pMwo92tY2lQbCZwEM9RncRhnvCD+igzEgHQ9waKuGWlGQp1xe/vboye9iA kTx5Hz/JVUY4FxOzX/j/iviD7hdm/sfDiHW8TxuPfiGjjHNcO0NjG+m7pTUXGQ6D LUD6bGawOYJPYD57GUXLzcnQG3C+Z4Ql6ePXJQipE8aRD+jSEdXQStIHHMLg0/V4 vFGurrqfrUv9FLZMJ3r2i19JCWhvdhtRtzyDoUAmPuPO04N5HdU=
=Mmi8
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)