ISHACK AI BOT

CentOS Linux: CVE-2023-25815: Important: git security update (Multiple Advisories) Severity 1 CVSS (AV:L/AC:H/Au:S/C:N/I:P/A:N) Published 04/25/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`. Solution(s) centos-upgrade-git centos-upgrade-git-all centos-upgrade-git-core centos-upgrade-git-core-debuginfo centos-upgrade-git-core-doc centos-upgrade-git-credential-libsecret centos-upgrade-git-credential-libsecret-debuginfo centos-upgrade-git-daemon centos-upgrade-git-daemon-debuginfo centos-upgrade-git-debuginfo centos-upgrade-git-debugsource centos-upgrade-git-email centos-upgrade-git-gui centos-upgrade-git-instaweb centos-upgrade-git-subtree centos-upgrade-git-svn centos-upgrade-gitk centos-upgrade-gitweb centos-upgrade-perl-git centos-upgrade-perl-git-svn References CVE-2023-25815

Debian: CVE-2023-25815: git -- security update Severity 1 CVSS (AV:L/AC:H/Au:S/C:N/I:P/A:N) Published 04/25/2023 Created 06/28/2024 Added 06/27/2024 Modified 01/30/2025 Description In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`. Solution(s) debian-upgrade-git References https://attackerkb.com/topics/cve-2023-25815 CVE - 2023-25815 DLA-3844-1

Debian: CVE-2023-0045: linux -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 04/25/2023 Created 05/05/2023 Added 05/01/2023 Modified 01/28/2025 Description The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96 Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-0045 CVE - 2023-0045 DLA-3403-1 DLA-3404-1

SUSE: CVE-2023-2269: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 04/25/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-2269 CVE - 2023-2269 DSA-5448 DSA-5480

CentOS Linux: CVE-2023-29007: Important: git security update (CESA-2023:3263) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 04/25/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. Solution(s) centos-upgrade-emacs-git centos-upgrade-emacs-git-el centos-upgrade-git centos-upgrade-git-all centos-upgrade-git-bzr centos-upgrade-git-cvs centos-upgrade-git-daemon centos-upgrade-git-debuginfo centos-upgrade-git-email centos-upgrade-git-gnome-keyring centos-upgrade-git-gui centos-upgrade-git-hg centos-upgrade-git-instaweb centos-upgrade-git-p4 centos-upgrade-git-svn centos-upgrade-gitk centos-upgrade-gitweb centos-upgrade-perl-git centos-upgrade-perl-git-svn References CVE-2023-29007

Huawei EulerOS: CVE-2023-25815: git security update Severity 1 CVSS (AV:L/AC:H/Au:S/C:N/I:P/A:N) Published 04/25/2023 Created 07/10/2023 Added 07/10/2023 Modified 01/30/2025 Description In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`. Solution(s) huawei-euleros-2_0_sp9-upgrade-git huawei-euleros-2_0_sp9-upgrade-git-help References https://attackerkb.com/topics/cve-2023-25815 CVE - 2023-25815 EulerOS-SA-2023-2332

Rocky Linux: CVE-2023-25815: git (RLSA-2023-3246) Severity 1 CVSS (AV:L/AC:H/Au:S/C:N/I:P/A:N) Published 04/25/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/30/2025 Description In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`. Solution(s) rocky-upgrade-git rocky-upgrade-git-core rocky-upgrade-git-core-debuginfo rocky-upgrade-git-credential-libsecret rocky-upgrade-git-credential-libsecret-debuginfo rocky-upgrade-git-daemon rocky-upgrade-git-daemon-debuginfo rocky-upgrade-git-debuginfo rocky-upgrade-git-debugsource rocky-upgrade-git-subtree References https://attackerkb.com/topics/cve-2023-25815 CVE - 2023-25815 https://errata.rockylinux.org/RLSA-2023:3246

Huawei EulerOS: CVE-2023-25652: git security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 04/25/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. Solution(s) huawei-euleros-2_0_sp8-upgrade-git huawei-euleros-2_0_sp8-upgrade-git-core huawei-euleros-2_0_sp8-upgrade-git-core-doc huawei-euleros-2_0_sp8-upgrade-perl-git References https://attackerkb.com/topics/cve-2023-25652 CVE - 2023-25652 EulerOS-SA-2023-3127

Huawei EulerOS: CVE-2023-29007: git security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 04/25/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. Solution(s) huawei-euleros-2_0_sp8-upgrade-git huawei-euleros-2_0_sp8-upgrade-git-core huawei-euleros-2_0_sp8-upgrade-git-core-doc huawei-euleros-2_0_sp8-upgrade-perl-git References https://attackerkb.com/topics/cve-2023-29007 CVE - 2023-29007 EulerOS-SA-2023-3127

Debian: CVE-2021-26947: odoo -- security update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 04/25/2023 Created 05/08/2023 Added 05/08/2023 Modified 01/28/2025 Description Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link. Solution(s) debian-upgrade-odoo References https://attackerkb.com/topics/cve-2021-26947 CVE - 2021-26947 DSA-5399-1

SUSE: CVE-2022-42335: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/25/2023 Created 06/21/2023 Added 06/20/2023 Modified 01/28/2025 Description x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control. Solution(s) suse-upgrade-xen suse-upgrade-xen-devel suse-upgrade-xen-doc-html suse-upgrade-xen-libs suse-upgrade-xen-libs-32bit suse-upgrade-xen-tools suse-upgrade-xen-tools-domu suse-upgrade-xen-tools-xendomains-wait-disk References https://attackerkb.com/topics/cve-2022-42335 CVE - 2022-42335

Gentoo Linux: CVE-2023-25815: Git: Multiple Vulnerabilities Severity 1 CVSS (AV:L/AC:H/Au:S/C:N/I:P/A:N) Published 04/25/2023 Created 12/29/2023 Added 12/28/2023 Modified 01/30/2025 Description In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`. Solution(s) gentoo-linux-upgrade-dev-vcs-git References https://attackerkb.com/topics/cve-2023-25815 CVE - 2023-25815 202312-15

Gentoo Linux: CVE-2023-29007: Git: Multiple Vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 04/25/2023 Created 12/29/2023 Added 12/28/2023 Modified 01/30/2025 Description Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. Solution(s) gentoo-linux-upgrade-dev-vcs-git References https://attackerkb.com/topics/cve-2023-29007 CVE - 2023-29007 202312-15

Gentoo Linux: CVE-2023-30549: Apptainer: Privilege Escalation Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/25/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/30/2025 Description Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation. Apptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs. Some workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf.This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts.(Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.). Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files.The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed. Solution(s) gentoo-linux-upgrade-app-containers-apptainer References https://attackerkb.com/topics/cve-2023-30549 CVE - 2023-30549 202311-13

Gentoo Linux: CVE-2023-25652: Git: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 04/25/2023 Created 12/29/2023 Added 12/28/2023 Modified 01/28/2025 Description Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. Solution(s) gentoo-linux-upgrade-dev-vcs-git References https://attackerkb.com/topics/cve-2023-25652 CVE - 2023-25652 202312-15

Apache Superset Signed Cookie Priv Esc Disclosed 04/25/2023 Created 09/13/2023 Description Apache Superset versions <= 2.0.0 utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their user_id to that of an administrator, and re-sign the cookie. This valid cookie can then be used to login as the targeted user and retrieve database credentials saved in Apache Superset. Author(s) h00die paradoxis Spencer McIntyre Naveen Sunkavally Development Source Code History

Alpine Linux: CVE-2023-29007: Injection Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 04/25/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/14/2024 Description Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. Solution(s) alpine-linux-upgrade-git References https://attackerkb.com/topics/cve-2023-29007 CVE - 2023-29007 https://security.alpinelinux.org/vuln/CVE-2023-29007

VMware Photon OS: CVE-2023-0045 Severity 4 CVSS (AV:L/AC:H/Au:S/C:C/I:N/A:N) Published 04/25/2023 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96 Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0045 CVE - 2023-0045

Amazon Linux AMI 2: CVE-2023-2269: Security patch for kernel (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 04/25/2023 Created 06/07/2023 Added 06/07/2023 Modified 01/28/2025 Description A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-318-240-529 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-179-168-710 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-110-70-143 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-2269 AL2/ALAS-2023-2100 AL2/ALASKERNEL-5.10-2023-033 AL2/ALASKERNEL-5.15-2023-020 AL2/ALASKERNEL-5.4-2023-047 CVE - 2023-2269

Debian: CVE-2021-23166: odoo -- security update Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N) Published 04/25/2023 Created 05/08/2023 Added 05/08/2023 Modified 01/28/2025 Description A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server. Solution(s) debian-upgrade-odoo References https://attackerkb.com/topics/cve-2021-23166 CVE - 2021-23166 DSA-5399-1

Oracle Linux: CVE-2023-29007: ELSA-2023-3245:git security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 04/25/2023 Created 05/24/2023 Added 05/23/2023 Modified 01/07/2025 Description Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user&apos;s `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection. Solution(s) oracle-linux-upgrade-emacs-git oracle-linux-upgrade-emacs-git-el oracle-linux-upgrade-git oracle-linux-upgrade-git-all oracle-linux-upgrade-git-bzr oracle-linux-upgrade-git-core oracle-linux-upgrade-git-core-doc oracle-linux-upgrade-git-credential-libsecret oracle-linux-upgrade-git-cvs oracle-linux-upgrade-git-daemon oracle-linux-upgrade-git-email oracle-linux-upgrade-git-gnome-keyring oracle-linux-upgrade-git-gui oracle-linux-upgrade-git-hg oracle-linux-upgrade-git-instaweb oracle-linux-upgrade-gitk oracle-linux-upgrade-git-p4 oracle-linux-upgrade-git-subtree oracle-linux-upgrade-git-svn oracle-linux-upgrade-gitweb oracle-linux-upgrade-perl-git oracle-linux-upgrade-perl-git-svn References https://attackerkb.com/topics/cve-2023-29007 CVE - 2023-29007 ELSA-2023-3245 ELSA-2023-3246 ELSA-2023-3263

Debian: CVE-2023-29007: git -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 04/25/2023 Created 06/28/2024 Added 06/27/2024 Modified 01/30/2025 Description Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. Solution(s) debian-upgrade-git References https://attackerkb.com/topics/cve-2023-29007 CVE - 2023-29007 DLA-3844-1

Debian: CVE-2023-25652: git -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 04/25/2023 Created 06/28/2024 Added 06/27/2024 Modified 01/28/2025 Description Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. Solution(s) debian-upgrade-git References https://attackerkb.com/topics/cve-2023-25652 CVE - 2023-25652 DLA-3844-1

Debian: CVE-2021-23178: odoo -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 04/25/2023 Created 05/08/2023 Added 05/08/2023 Modified 01/30/2025 Description Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead. Solution(s) debian-upgrade-odoo References https://attackerkb.com/topics/cve-2021-23178 CVE - 2021-23178 DSA-5399-1

FreeBSD: VID-D2C6173F-E43B-11ED-A1D7-002590F2A714 (CVE-2023-25652): git -- Multiple vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 04/25/2023 Created 05/05/2023 Added 04/27/2023 Modified 01/28/2025 Description Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. Solution(s) freebsd-upgrade-package-git freebsd-upgrade-package-git-lite freebsd-upgrade-package-git-tiny References CVE-2023-25652