Advisory: CLSA-2023:1681137249
OS: Ubuntu 16.04 ELS
Public date: 2023-04-10 10:34:10
Project: git
Version: 1:2.7.4-0ubuntu1.10+tuxcare.els2
Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2023-1681137249.html
* SECURITY UPDATE: When cloning a repository with `--local`, Git relies on either making a hardlink or copy to every file in the "objects" directory of the source repository. As a result, malformed repository containing symbolic links pointing at the sensitive information on the victim's machine could be copied - debian/patches/CVE-2022-39253.patch: prevent copying symbolic links - debian/patches/tests-for-CVE-2022-39253.patch: tests - CVE-2022-39253
Update command: apt-get update apt-get --only-upgrade install git*
git_2.7.4-0ubuntu1.10+tuxcare.els2_amd64.deb git-all_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb git-arch_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb git-core_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb git-cvs_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb git-daemon-run_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb git-daemon-sysvinit_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb git-doc_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb git-el_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb git-email_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb git-gui_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb git-man_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb git-mediawiki_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb git-svn_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb gitk_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb gitweb_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb