Release Info

Advisory: CLSA-2025:1754648405

OS: Ubuntu 16.04 ELS

Public date: 2025-08-08 10:20:08.464603

Project: git

Version: 1:2.7.4-0ubuntu1.10+tuxcare.els9

Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2025-1754648405.html

Changelog

* SECURITY UPDATE: potential file creation/truncation when cloning untrusted repository in gitk
  - debian/patches/CVE-2025-27613_CVE-2025-27614_CVE-2025-46835.patch: improve dark mode support, remove hard-coded colors in ttext calls and use colors from the theme for text widgets via Text.Background and Text.Foreground
  - CVE-2025-27613
* SECURITY UPDATE: security vulnerability allowing arbitrary script execution
  - debian/patches/CVE-2025-27613_CVE-2025-27614_CVE-2025-46835.patch: Fix hard-coded colors in ttext widgets to use theme colors
  - CVE-2025-27614
* SECURITY UPDATE: security issue with untrusted repository cloning and file editing
  - debian/patches/CVE-2025-27613_CVE-2025-27614_CVE-2025-46835.patch: validate directory names to prevent file overwrite attacks
  - CVE-2025-46835

Update

Update command:

apt-get update
apt-get --only-upgrade install git*

Packages list

git_2.7.4-0ubuntu1.10+tuxcare.els9_amd64.deb
git-all_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
git-arch_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
git-core_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
git-cvs_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
git-daemon-run_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
git-daemon-sysvinit_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
git-doc_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
git-el_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
git-email_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
git-gui_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
git-man_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
git-mediawiki_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
git-svn_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
gitk_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb
gitweb_2.7.4-0ubuntu1.10+tuxcare.els9_all.deb

CVEs

CVE-2025-46835
CVE-2025-27614
CVE-2025-27613