- Vulnerability/
- USN-6793-1
USN-6793-1: Git vulnerabilities
First published: Tue May 28 2024(Updated: )
It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2024-32002) It was discovered that Git incorrectly handled certain cloned repositories. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-32004) It was discovered that Git incorrectly handled local clones with hardlinked files/directories. An attacker could possibly use this issue to place a specialized repository on their target's local system. (CVE-2024-32020) It was discovered that Git incorrectly handled certain symlinks. An attacker could possibly use this issue to impact availability and integrity creating hardlinked arbitrary files into users repository's objects/directory. (CVE-2024-32021) It was discovered that Git incorrectly handled certain cloned repositories. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-32465)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/git | <1:2.43.0-1ubuntu7.1 | 1:2.43.0-1ubuntu7.1 |
| Ubuntu | =24.04 | |
| All of | ||
| ubuntu/git | <1:2.40.1-1ubuntu1.1 | 1:2.40.1-1ubuntu1.1 |
| Ubuntu | =23.10 | |
| All of | ||
| ubuntu/git | <1:2.34.1-1ubuntu1.11 | 1:2.34.1-1ubuntu1.11 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/git | <1:2.25.1-1ubuntu3.12 | 1:2.25.1-1ubuntu3.12 |
| Ubuntu | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2024-32021
- https://ubuntu.com/security/CVE-2024-32020
- https://ubuntu.com/security/CVE-2024-32002
- https://ubuntu.com/security/CVE-2024-32004
- https://ubuntu.com/security/CVE-2024-32465
- https://ubuntu.com/security/notices/USN-7023-1
- https://ubuntu.com/security/notices/USN-6793-2
- https://launchpad.net/ubuntu/+source/git/1:2.43.0-1ubuntu7.1
- https://launchpad.net/ubuntu/+source/git/1:2.40.1-1ubuntu1.1
- https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.11
- https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.12
- https://ubuntu.com/security/notices/USN-6793-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-6793-1?
The severity of USN-6793-1 is critical due to the potential for arbitrary code execution.
How do I fix USN-6793-1?
To fix USN-6793-1, update Git to the patched versions for your Ubuntu release, such as 1:2.43.0-1ubuntu7.1 for 24.04 LTS.
What is the impact of USN-6793-1?
The impact of USN-6793-1 includes potential exploitation that could allow an attacker to execute arbitrary code on affected installations.
Which versions of Ubuntu are affected by USN-6793-1?
Ubuntu versions 20.04, 22.04, 23.10, and 24.04 are affected by USN-6793-1 if they are using vulnerable versions of Git.
Does USN-6793-1 affect all users of Git on Ubuntu?
Not all users are affected, only those running specific older versions of Git on the listed Ubuntu releases.
- agent/severity
- agent/last-modified-date
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/references
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/24.04
- version/ubuntu/23.10
- version/ubuntu/22.04
- version/ubuntu/20.04