USN-5376-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-5376-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5376-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5376-1

Related

Published

2022-04-12T18:38:39.631323Z

Modified

2022-04-12T18:38:39.631323Z

Summary

git vulnerability

Details

俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands.

References

Affected packages

Ubuntu:18.04:LTS / git

Package

Name: git
Purl: pkg:deb/ubuntu/git@1:2.17.1-1ubuntu0.10?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.17.1-1ubuntu0.10

Affected versions

1:2.*

1:2.14.1-1ubuntu4

1:2.15.1-1ubuntu2

1:2.17.0-1ubuntu1

1:2.17.1-1ubuntu0.1

1:2.17.1-1ubuntu0.3

1:2.17.1-1ubuntu0.4

1:2.17.1-1ubuntu0.5

1:2.17.1-1ubuntu0.6

1:2.17.1-1ubuntu0.7

1:2.17.1-1ubuntu0.8

1:2.17.1-1ubuntu0.9

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "git-daemon-run": "1:2.17.1-1ubuntu0.10",
            "git-email": "1:2.17.1-1ubuntu0.10",
            "git-mediawiki": "1:2.17.1-1ubuntu0.10",
            "git": "1:2.17.1-1ubuntu0.10",
            "git-el": "1:2.17.1-1ubuntu0.10",
            "git-cvs": "1:2.17.1-1ubuntu0.10",
            "git-doc": "1:2.17.1-1ubuntu0.10",
            "gitk": "1:2.17.1-1ubuntu0.10",
            "git-dbgsym": "1:2.17.1-1ubuntu0.10",
            "git-daemon-sysvinit": "1:2.17.1-1ubuntu0.10",
            "git-svn": "1:2.17.1-1ubuntu0.10",
            "git-gui": "1:2.17.1-1ubuntu0.10",
            "git-man": "1:2.17.1-1ubuntu0.10",
            "gitweb": "1:2.17.1-1ubuntu0.10",
            "git-all": "1:2.17.1-1ubuntu0.10"
        }
    ]
}

Ubuntu:20.04:LTS / git

Package

Name: git
Purl: pkg:deb/ubuntu/git@1:2.25.1-1ubuntu3.3?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.25.1-1ubuntu3.3

Affected versions

1:2.*

1:2.20.1-2ubuntu1

1:2.24.0-1ubuntu1

1:2.24.0-1ubuntu2

1:2.25.0-1ubuntu1

1:2.25.1-1ubuntu1

1:2.25.1-1ubuntu2

1:2.25.1-1ubuntu3

1:2.25.1-1ubuntu3.1

1:2.25.1-1ubuntu3.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "git-daemon-run": "1:2.25.1-1ubuntu3.3",
            "git-email": "1:2.25.1-1ubuntu3.3",
            "git-mediawiki": "1:2.25.1-1ubuntu3.3",
            "git": "1:2.25.1-1ubuntu3.3",
            "git-el": "1:2.25.1-1ubuntu3.3",
            "git-cvs": "1:2.25.1-1ubuntu3.3",
            "git-doc": "1:2.25.1-1ubuntu3.3",
            "gitk": "1:2.25.1-1ubuntu3.3",
            "git-dbgsym": "1:2.25.1-1ubuntu3.3",
            "git-daemon-sysvinit": "1:2.25.1-1ubuntu3.3",
            "git-svn": "1:2.25.1-1ubuntu3.3",
            "git-gui": "1:2.25.1-1ubuntu3.3",
            "git-man": "1:2.25.1-1ubuntu3.3",
            "gitweb": "1:2.25.1-1ubuntu3.3",
            "git-all": "1:2.25.1-1ubuntu3.3"
        }
    ]
}