SB2025071895 - openEuler 24.03 LTS SP1 update for git

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Protection Mechanism Failure (CVE-ID: CVE-2025-27613)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists in Gitk when cloning an untrusted repository and executing Gitk without additional command arguments. A remote attacker can abuse such behavior and overwrite or truncate any files on the system. 

Successful exploitation of the vulnerability requires that the "Support per-file encoding" option is enabled. 

2) Input validation error (CVE-ID: CVE-2025-27614)

The vulnerability allows a remote attacker to compromise the affected system.

A Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking `gitk filename`, where `filename` has a particular structure.

3) Untrusted search path (CVE-ID: CVE-2025-46334)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of an untrusted search path in Git GUI on Windows. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. On Windows, path lookup can find such executables in the worktree. These programs are invoked when the user selects "Git Bash" or "Browse Files" from the menu.

Note, the vulnerability affects Windows installations only. 

4) Product UI does not warn user of unsafe actions (CVE-ID: CVE-2025-46835)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing notifications in Git GUI when performing potentially dangerous actions. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite any writable file.

5) CRLF injection (CVE-ID: CVE-2025-48384)

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to insufficient validation of attacker-supplied data when reading config values. A remote user can pass specially crafted config lines to the application containing CR-LF characters and execute arbitrary code on the system after checkout.

6) Input validation error (CVE-ID: CVE-2025-48385)

The vulnerability allows a remote attacker to compromise the affected client.

The vulnerability exists due to insufficient validation of bundle-uri parameter when cloning a repository. A remote attacker can trick the victim into cloning a specially crafted repository, perform a protocol injection attack and write code to arbitrary locations on the system, leading to remote code execution. 

7) Buffer overflow (CVE-ID: CVE-2025-48386)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in wincred credential helper. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1846