Background
Researchers recently discovered security vulnerabilities in Git and reported them to the Git Project.
Security Vulnerabilities
Source
DevClass
I found out about the vulnerabilities from scrolling through Google News.
Here is the URL:
devclass.com
Updates for Git and Git for Windows after severe bug rash
Authored By: Joe Fay
Dated: 2023-April-27th
In-depth
Git Project
The addressed issues are:
- CVE-2023-25652
  - Description
    - By feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch).
  - Credits
    - Bug Finders
      - Ry0taK
    - Code Fix
      - Git Foundation
        - Taylor Blau
        - Junio C Hamano
        - Johannes Schindelin
      - Linux Foundation
        - Linus Torvalds
- CVE-2023-25815
  - Description
    - When Git is compiled with runtime prefix support and runs without translated messages, it still used the gettext machinery to display messages, which subsequently potentially looked for translated messages in unexpected places. This allowed for a malicious placement of crafted messages.
  - Credits
    - Bug Finders
      - Michelin CERT team
        - Maxime Escourbiac
        - Yassine BENGANA
    - Code Fix
      - Git Foundation
        - Johannes Schindelin
- CVE-2023-29007
  - Description
    - When renaming or deleting a section from a configuration file, certain malicious configuration values may be misinterpreted as the beginning of a new configuration section, leading to arbitrary configuration injection.
  - Credits
    - Bug Finders
      - Ethiack
        - André Baptista
        - Vítor Pinho
    - Code Fix
      - Git Foundation
        - Taylor Blau
        - Johannes Schindelin
        - Jeff King
      - GitLab
        - Patrick Steinhardt
Outline
- Is Git Installed?
- Update Git
- Review Git Install
- Configure Git
Tasks
Is Git Installed?
where
syntax
where [appl]
sample
where git
output
Output Text
>where git
C:\Program Files\Git\cmd\git.exe
>
Explanation
We have confirmation that git is installed.
Git.exe is located in the C:\Program Files\Git\cmd folder.
Update Git
git
git update-git-for-windows
syntax
git update-git-for-windows
sample
git update-git-for-windows --yes
output
Output Text
git update-git-for-windows --yes
Git for Windows 2.33.1.windows.1 (64-bit)
Update 2.40.1.windows.1 is available
Downloading Git-2.40.1-64-bit.exe
######################################################################## 100.0%
>
Explanation
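- The updater found that update 2.40.1.windows.1 was available for our installed Git for Windows 2.33.1.windows.1 and downloaded the installer Git-2.40.1-64-bit.exe.
- We appear to have successfully upgraded Git for Windows to v2.40.1 (64-bit).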
Review Git Install
git
git version
syntax
git --version
sample
git --version
output
Output Text
>git --version
git version 2.40.1.windows.1
>
Explanation
Confirmed that git version 2.40.1 is installed.
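The three checks above (locate Git, update it, confirm the version) can be scripted so that the result is a pass/fail per git.exe instead of a version string read by eye. The PowerShell below is an added example, not part of the original post. It assumes 2.40.1, the version this page upgraded to, is the minimum acceptable release; the function names ConvertTo-GitVersion and Test-GitPatched are made up for the example.

```powershell
# Added example. $MinimumVersion is an assumption: the release this page upgraded to.
$MinimumVersion = [version]'2.40.1'

function ConvertTo-GitVersion {
    param([Parameter(Mandatory)][string]$VersionLine)
    # "git version 2.40.1.windows.1" -> 2.40.1
    # The ".windows.N" suffix is the Git for Windows build counter; it is ignored here.
    if ($VersionLine -match '^git version (\d+)\.(\d+)\.(\d+)') {
        return [version]::new([int]$Matches[1], [int]$Matches[2], [int]$Matches[3])
    }
    throw "Unrecognised 'git --version' output: $VersionLine"
}

function Test-GitPatched {
    param([Parameter(Mandatory)][string]$VersionLine)
    # [version] compares each field numerically, so 2.9.0 sorts below 2.40.1
    # (a plain string comparison would get that wrong).
    (ConvertTo-GitVersion $VersionLine) -ge $MinimumVersion
}

# The two version strings that appear in the output on this page.
foreach ($line in 'git version 2.33.1.windows.1', 'git version 2.40.1.windows.1') {
    '{0,-32} patched: {1}' -f $line, (Test-GitPatched $line)
}

# Check every git.exe on PATH. In PowerShell, 'where' is an alias for
# Where-Object, so Get-Command -All is used in place of cmd's 'where git'.
foreach ($git in Get-Command git -All -CommandType Application -ErrorAction SilentlyContinue) {
    $line = & $git.Path --version
    [pscustomobject]@{
        Path    = $git.Path
        Version = ConvertTo-GitVersion $line
        Patched = Test-GitPatched $line
    }
}
```

A second git.exe bundled with another tool can remain on an old version after `git update-git-for-windows` has run, which is why the script reports every copy on PATH rather than only the one that answers `git --version`.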