UBUNTU-CVE-2023-29007

Source
https://ubuntu.com/security/CVE-2023-29007
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-29007.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-29007
Related
Published
2023-04-25T17:00:00Z
Modified
2024-11-20T12:26:08Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules file with submodule URLs that are longer than 1024 characters can used to exploit a bug in config.c::git_config_copy_or_rename_section_in_file(). This bug can be used to inject arbitrary configuration into a user's $GIT_DIR/config when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as core.pager, core.editor, core.sshCommand, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running git submodule deinit on untrusted repositories or without prior inspection of any submodule sections in $GIT_DIR/config.

References

Affected packages

Ubuntu:Pro:16.04:LTS / git

Package

Name
git
Purl
pkg:deb/ubuntu/git?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.7.4-0ubuntu1.10+esm7

Affected versions

1:2.*

1:2.5.0-1
1:2.6.2-1
1:2.6.3-1
1:2.6.4-1
1:2.7.0~rc3-1
1:2.7.0-1
1:2.7.3-0ubuntu1
1:2.7.4-0ubuntu1
1:2.7.4-0ubuntu1.1
1:2.7.4-0ubuntu1.2
1:2.7.4-0ubuntu1.3
1:2.7.4-0ubuntu1.4
1:2.7.4-0ubuntu1.5
1:2.7.4-0ubuntu1.6
1:2.7.4-0ubuntu1.7
1:2.7.4-0ubuntu1.8
1:2.7.4-0ubuntu1.9
1:2.7.4-0ubuntu1.10
1:2.7.4-0ubuntu1.10+esm1
1:2.7.4-0ubuntu1.10+esm3
1:2.7.4-0ubuntu1.10+esm4
1:2.7.4-0ubuntu1.10+esm5
1:2.7.4-0ubuntu1.10+esm6

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git-all"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git-arch"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git-core"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git-cvs"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git-daemon-run"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git-daemon-sysvinit"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git-doc"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git-el"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git-email"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git-gui"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git-man"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git-mediawiki"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "git-svn"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "gitk"
        },
        {
            "binary_version": "1:2.7.4-0ubuntu1.10+esm7",
            "binary_name": "gitweb"
        }
    ]
}

Ubuntu:18.04:LTS / git

Package

Name
git
Purl
pkg:deb/ubuntu/git?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.17.1-1ubuntu0.18

Affected versions

1:2.*

1:2.14.1-1ubuntu4
1:2.15.1-1ubuntu2
1:2.17.0-1ubuntu1
1:2.17.1-1ubuntu0.1
1:2.17.1-1ubuntu0.3
1:2.17.1-1ubuntu0.4
1:2.17.1-1ubuntu0.5
1:2.17.1-1ubuntu0.6
1:2.17.1-1ubuntu0.7
1:2.17.1-1ubuntu0.8
1:2.17.1-1ubuntu0.9
1:2.17.1-1ubuntu0.10
1:2.17.1-1ubuntu0.11
1:2.17.1-1ubuntu0.12
1:2.17.1-1ubuntu0.13
1:2.17.1-1ubuntu0.14
1:2.17.1-1ubuntu0.15
1:2.17.1-1ubuntu0.16
1:2.17.1-1ubuntu0.17

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "git"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "git-all"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "git-cvs"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "git-daemon-run"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "git-daemon-sysvinit"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "git-dbgsym"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "git-doc"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "git-el"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "git-email"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "git-gui"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "git-man"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "git-mediawiki"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "git-svn"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "gitk"
        },
        {
            "binary_version": "1:2.17.1-1ubuntu0.18",
            "binary_name": "gitweb"
        }
    ]
}

Ubuntu:20.04:LTS / git

Package

Name
git
Purl
pkg:deb/ubuntu/git?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.25.1-1ubuntu3.11

Affected versions

1:2.*

1:2.20.1-2ubuntu1
1:2.24.0-1ubuntu1
1:2.24.0-1ubuntu2
1:2.25.0-1ubuntu1
1:2.25.1-1ubuntu1
1:2.25.1-1ubuntu2
1:2.25.1-1ubuntu3
1:2.25.1-1ubuntu3.1
1:2.25.1-1ubuntu3.2
1:2.25.1-1ubuntu3.3
1:2.25.1-1ubuntu3.4
1:2.25.1-1ubuntu3.5
1:2.25.1-1ubuntu3.6
1:2.25.1-1ubuntu3.7
1:2.25.1-1ubuntu3.8
1:2.25.1-1ubuntu3.10

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "git"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "git-all"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "git-cvs"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "git-daemon-run"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "git-daemon-sysvinit"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "git-dbgsym"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "git-doc"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "git-el"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "git-email"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "git-gui"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "git-man"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "git-mediawiki"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "git-svn"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "gitk"
        },
        {
            "binary_version": "1:2.25.1-1ubuntu3.11",
            "binary_name": "gitweb"
        }
    ]
}

Ubuntu:22.04:LTS / git

Package

Name
git
Purl
pkg:deb/ubuntu/git?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.34.1-1ubuntu1.9

Affected versions

1:2.*

1:2.32.0-1ubuntu1
1:2.33.1-1ubuntu1
1:2.34.1-1ubuntu1
1:2.34.1-1ubuntu1.1
1:2.34.1-1ubuntu1.2
1:2.34.1-1ubuntu1.4
1:2.34.1-1ubuntu1.5
1:2.34.1-1ubuntu1.6
1:2.34.1-1ubuntu1.8

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "git"
        },
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "git-all"
        },
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "git-cvs"
        },
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "git-daemon-run"
        },
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "git-daemon-sysvinit"
        },
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "git-dbgsym"
        },
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "git-doc"
        },
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "git-email"
        },
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "git-gui"
        },
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "git-man"
        },
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "git-mediawiki"
        },
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "git-svn"
        },
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "gitk"
        },
        {
            "binary_version": "1:2.34.1-1ubuntu1.9",
            "binary_name": "gitweb"
        }
    ]
}