TencentOS Server 3: git (TSSA-2023:0107)

high Nessus Plugin ID 239563

Synopsis

The remote TencentOS Server 3 host is missing one or more security updates.

Description

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0107 advisory.

Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

CVE-2023-22490:
A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.
CVE-2023-23946:
A vulnerability was found in Git. This security issue occurs when feeding a crafted input to git apply. A path outside the working tree can be overwritten by the user running git apply.
CVE-2023-25652:
A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to git apply --reject; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.
CVE-2023-25815:
A vulnerability was found in Git. This security flaw occurs when Git is compiled with runtime prefix support and runs without translated messages: it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.
CVE-2023-29007:
A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://mirrors.tencent.com/tlinux/errata/tssa-20230107.xml

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22490

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23946

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25652

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25815

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29007

Plugin Details

Severity: High

ID: 239563

File Name: tencentos_TSSA_2023_0107.nasl

Version: 1.1

Type: local

Published: 6/16/2025

Updated: 6/16/2025

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:tencent:tencentos_server:git, cpe:/o:tencent:tencentos_server:3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/etc/os-release, Host/TencentOS/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/14/2023

Vulnerability Publication Date: 6/14/2023