Ubuntu alert USN-5376-4 (git)

From:
             
 
noreply+usn-bot@canonical.com
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-5376-4] Git regression
Date:
             
 
Fri, 27 Feb 2026 18:01:43 +0000
Message-ID:
             
 
<E1vw29n-0006Vs-Fa@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-5376-4
February 25, 2026

git regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

USN-5376-1 introduced a regression in Git

Software Description:
- git: fast, scalable, distributed revision control system

Details:

USN-5376-1 fixed a vulnerability in Git. It was discovered that the safety
checks introduced in the update were not able to be set using the command
line, contrary to expectations. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 俞晨东 discovered that Git incorrectly handled certain repository paths  in
 platforms with multiple users support. An attacker could possibly use
 this issue to run arbitrary commands.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  git                             1:2.34.1-1ubuntu1.16

Ubuntu 20.04 LTS
  git                             1:2.25.1-1ubuntu3.14+esm4
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5376-4
  https://ubuntu.com/security/notices/USN-5376-3
  https://ubuntu.com/security/notices/USN-5376-2
  https://ubuntu.com/security/notices/USN-5376-1
  https://launchpad.net/bugs/2142239

Package Information:
  https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu...


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmmfIcoACgkQcpJm3tlz
hgF2Vw//Y2xHf6gk2CvTl/JfEmsGl8S1qaogkGw0Upf8aaXehWqs9uE1nbz9q2/E
y32hJt5kEhaJyEs6XRrm5bQEImZOsLLawSUzlNc/2ahHXS6dLal45gda489N3cK1
y9lHsFMDkRbkZBApVtdazaQ4CVPNxr16x8NMk4NKs54eapC2k3NwTAehSJSmY1UA
1dXnRb9yvWQpXVt2Yzm900xfmyJSmo4J3YNQZZBDutFAC4IN1DpTCQRKmRuZAzwm
FT3O1otHnBTtYbQwxq1Wv3LEZCx0BFKZgEe06jTD+XptdmNug9cf3n0xxVnONug2
n2suPJ9xMX3Q53MijfYnMZZezsvUlsXiJ48z+xsL3AXGtEluvy8VVtlPAEDJzq0g
rsxmgaVYLUPgWiuzHT5qWKTJophFOpOUwUb65H1YsIzd1p6BTcVsQeopQyL44bF8
7szVeTewKMZ5HtaREct/IosdYXKdezANffOS7tq6w7cVBGjK6yy4jP3bBdXzsUYT
zRHqao8GXC42QDSi58IzYHyQZIb2b63IdftkLKIZAJB4lfQCeyroLzeZWr312H1K
fUFAqdPb/F3NUC56uEELenuHzmYu/Yl0sSczxeVwqtn6binsLEaJEC+zQ5edyoW/
XuaJJy/O7s4FXEt22RZK3qI3PLzaZ0pNAGdfnZ9ky1jTq8r8q/o=
=Tq7j
-----END PGP SIGNATURE-----