Ubuntu alert USN-7964-1 (git)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7964-1] Git vulnerabilities | |
| Date: | Thu, 15 Jan 2026 19:36:02 +0000 | |
| Message-ID: | <E1vgT8U-0003Zu-8M@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7964-1 January 15, 2026 git vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Git. Software Description: - git: fast, scalable, distributed revision control system Details: It was discovered that Git did not properly sanitize URLs when asking for credentials via a terminal prompt. An attacker could possibly use this issue to trick a user into disclosing their password. (CVE-2024-50349) It was discovered that Git did not properly handle carriage return characters in its credential protocol. An attacker could use this issue to send unexpected data to credential helpers, possibly leading to a user being tricked into disclosing sensitive information. (CVE-2024-52006) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS git 1:2.17.1-1ubuntu0.18+esm6 Available with Ubuntu Pro Ubuntu 16.04 LTS git 1:2.7.4-0ubuntu1.10+esm13 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7964-1 CVE-2024-50349, CVE-2024-52006
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmlpQUwACgkQcpJm3tlz hgEL4BAAgQYbkmCxsayoMPyxrzyowIyJ94QlUUT1y/rmfjCAv1fIs1ET0QQwUCWA hfRBJ/WeDMLTEK2+eKSev0pTAlDa9alMRJpOD/csvr7zxHDLBfJFppcm+RqWh4Wt e2JG4MhLkOt4YIa+/kRIFP6VZVnWnbsId2IDUDFAIP4ieYGo2XQXNLoj6fiNXG+r qNOASmszvm1RfQbIcOKFVEitAMxfOxBXDCOjArCo7mpwXIBqshsLw1s1g2UXZ2iI g1tagtl7awWvCA+qEPOnileRf0X1XDhKhI59eGjaTZkRJ1C9wnxde+4yCa8Vya0u KZtn8gG44rYA5GLds36ykAv33aDvdMVLlkJ4HfPNmFN5Ziz/PfC9cAzZEWLWbc8U ArVOOZ1Z95CvA24YfviiLCjd5x4mYbm6dAni4oqKDbe6KnhSODWHdARjBmXaqNI1 D2UOuEqCqP1fpUNC0P8geOSinTrEFtXPK9KR5S2sKM2AxMPMDkiRt/z+UXSxqO52 AGBUz08vKAAjUzdNIUYY2WbKzLYMJSvB6ZfEYGOgZCNiStd4jUUdSYpJUT+3dTPR 6v9QCOKJDwgsnBcOCW5KgCQAb2uFT+nG9+HPftWgfig/zVSifcoSCLi2KakJBis3 GRZeQI/Pdk9FrR0g318TGXkdPdHm/XZ8cZw9aDkN4v3jCLqp6qQ= =ki6g -----END PGP SIGNATURE-----