Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in Git (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Git (Aktualisierung)
ID: USN-7207-2
Distribution: Ubuntu
Plattformen: Ubuntu 20.04 LTS
Datum: Do, 27. Februar 2025, 23:12
Referenzen: https://www.cve.org/CVERecord?id=CVE-2024-50349
https://www.cve.org/CVERecord?id=CVE-2024-52006
Applikationen: Git
Update von: Zwei Probleme in Git

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0786149048879763464==
Content-Language: fr, en-CA, en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------AsfY1QvYquBiVcPK80IUA0bx"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------AsfY1QvYquBiVcPK80IUA0bx
Content-Type: multipart/mixed;
 boundary="------------1GCqQk4nzD0fTyV2xOvbaGtE";
 protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
 <ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <9ee7c490-7fad-46d2-a162-e69bf70aa49b@canonical.com>
Subject: [USN-7207-2] Git vulnerabilities
Autocrypt-Gossip: addr=security@ubuntu.com; keydata=
 xsFNBF7HusQBEADHo6tQYXvxFcsmh1TW7uO5iJODq86SLfHg4GakjZuwqK3kIDeHmfEBgT4s
 +2+xXO8T5Q7ivna2K7bpcuUc33smqxX+vaMvaEACPyObGEtQ70irhG5NGN6neNIFVQyD3IBo
 zxFEq71rkcl0l2QUaQegfmSCrDBDq7tH40ZFfzfqIhDEd1b8b6pHmLImXnFpQ6TFgsRwMbF6
 KFRgBWk0YWxY33oalw+fyle2zTWiwI3kw5XP+Xjs9f/C7b63t9Cl1wUdxVCQn1+Jq1mKL/Of
 G/G3RHuC3tovU6JvF45Lv8kAGMpHkM9Nm9ptlT50lcZU2Nc2m34G/i4gPeAeHboQmc+ORNC9
 w7DhUseg1W48jEWriUW5CA29r9pqU+vjRafYIBsqtchXasqtcuzeDd5Witezo3tV1eyvJy38
 lKoENPA0cODDkuINmrVZt98dBjGnmKZHUa9HpmEyJ/LxfLK61mFLf3NQfPYeTpt/ML7Mb4CU
 TkPxs8LiigJgbGuCffbdvdyZLsxM+YLspak4XMfErpv+f2awOBgb+M6oOuvtb53r7BIu2AVH
 Od+U4URcg4rW/EWH4xVfedpMyIsDUSrP99rfufEBioTwRDxsrntwOXvfCRc2WaVLMbqODYIX
 jC+AynbHqEkQZVxDEuRS3pjoDnJ7R7piBHy7iL5Wb9nVihamSwARAQABzSVVYnVudHUgU2Vj
 dXJpdHkgPHNlY3VyaXR5QHVidW50dS5jb20+wsGUBBMBCgA+AhsDBQsJCAcCBhUKCQgLAgQW
 AgMBAh4BAheAFiEEQHJg92Fuzk2dEkYnmOl0DcNFOeAFAmRREggFCQss8cQACgkQmOl0DcNF
 OeCbiQ//RdpnfN5oJ/Px1IQLFA0x6kEZAUjNpN1Mupfb52oX+dg774r/TawIc7tUE+o/WKuC
 Lh+0JI8HF8OIlN9cm+RrixQGll482qFWcWw/Nb7nnFtvwOCxlaTABGttEmesAZ125p6W7KIR
 6bRGxTXJ5Z50TLNUyBmc3+G3/hZigsFLBI/9GGzKCWNxobDfM9IQCknie/yfJ1NVeRoyXUpK
 dfgq9Pl/ohvR3BMrvw1XMTuxQn4C1cRcv+Wle/L/cq4fv3BLySYWElgeoKa2ozj9Fq2LRXF6
 uzO2QaTnfvOk1AdTUFev8lGSVb76nPOvnHcaTTsgRlwmdjTNDEKqSC8h5ZzjaWmPpMCZeY0/
 yTOnVlF5gercYD4utmSEcHMpBqNP1RZPt9SbN6x5v1l/tIA10TTi0UwnhklIsUqEUKXM/FKi
 YDJtzrLevdiPMoSOFCq/GY7fphisyXPL8teMLf5QFJ4WaLJdY1JQVMc5whlWj5SPOdWpQ08U
 aAX+bP822ZZ/6GKax+I2g9UN5itsNNz3GGs928zBCbzqAwmhat1LwbhS0Q9gAmrb8l0aPlYe
 9raaTAx/sZc8h11ivSNMExiB+W6184nuPgdqqH5cUPdNpDvvijOH18zj+BwGQ4pf8YyzDLqR
 Ng6BHrdsPgaQwbVVckiKvXP6vzrlruyiwRhKMZXf+MXOwU0EXse6xAEQAMbDPCAsziHrqt7T
 wGMAywGwEh0ADKf+KAL7Wpfpg/Vzeh/4ruQcbOSb83agupq5EJ1jP+JJRZ3nXq0Lhe0vRRzG
 YQJC9uYuHcWNpMY3HMPhSVBYEUr2dmVku6pREoTlUnNtf8ikbI2Hi7RiJ8Dz8s76lNA1t5Ow
 Yf6fw0lJ/5AsZ0KtL28kvZLM77UFSRcgaZyZxt2IQwDnn+YHyhuOtxbrX7yXhkjS/4KdfaUa
 7SN5QY7Cx8wPL9SPjnP0Tqg9SYlZy8D+bRZD+a7ZFeq1vyweCvDsBcCuMNEbMlVpOmCdTipS
 T2pdvcgaFW6WLX5oUZWRxqsBMVmMFuk+ck5hi0mKgWCaah7l2R7tDh9hY8PIpXigLoc8c8Jw
 +x4GFAe0OtU1/9METCtUJ/7dcmWREkLUsU7XqPwG2y+qIDrmZR6arlHMVxF43JZF9mY/ZZHO
 cnPP60c8qcScV4iLhA9hI7SuY1kfNr011zOuCxf+MwvQfeM0e/aKrpPrZNRxLK3ox73FDxeN
 4t+tTdW2Ln7MqorVhtdiJMiTZLt2cptOqQLWzBSwrcceBkHlysgtK9wdeDw1pbHNlG2SxJq+
 ge0zUIZ+ztFs82AGtiEcEXRjtmX9WF5/uFVPj+ZuYT4Rve5Zb8ama6dlD1WR5V9DI+xGIr+t
 d35cwCXde0HaCI+iNDXxABEBAAHCwXwEGAEKACYCGwwWIQRAcmD3YW7OTZ0SRieY6XQNw0U5
 4AUCZFESMwUJCyzx7wAKCRCY6XQNw0U54MOOEACWJmWWJVB6JokT23ByG8qVcPpZFXn6sX1D
 ZyuiWY/X/PgPkYxOmo3Q9ZutoaYLEeqRptSDOfgFS0oD78qjxDh/zSeCqgwmCAhfkH53jJ/L
 bhEwKt79o/PDLEWaYI915UKNpLark2ZuL+iQSSCLhywlzWrT47d7JqndYBgL3ukuQ+LflcoF
 g6RwayUjzGtnWJGN2Pg+BKS8x01AfIFtvn3QhSnBKUxmHneb+iq8bG/tbGoTXTrGmNHNqB7x
 inPt74a+kZRWNBZ28wwf7FQ7nXk8B6kBA6THs3IRew0u3U1qwYSp6v0QVYwj6o+FGSpQdwDW
 KnrHUc7oxrk2pfGY0PPdgcpBKuQ2bhlufLsLwe277zA7Mb36pVaUuf3a7Mswl3oUC8+Si4J9
 HmhthRX9GythWEyUCK2q9LZncaBJMi4Levdc2dkaSVNq166OxJ61fxtlmyHJpBrRPLc2TIxQ
 98v9fYwUVTGvHsneiZH0oxDXqdJs2zgkzVxktLp6mOWZtntu4SJexytJvEjJDMkPweq0PuDX
 pyEsNdweH0vWueQiCNYaFHVuCTBmcGbpF+MxtB+WijbpeJGRyciYfmqk7XuUNOLU7mXotPiE
 ALhdY3Z4JCTuKN+xJT+5vkXRVEsOjibTelUIdFkcSHsJ64yoLJ11fhZdaQx5HnfbHpsqjI5I
 oA==

--------------1GCqQk4nzD0fTyV2xOvbaGtE
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7207-2
February 27, 2025

git vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Git.

Software Description:
- git: fast, scalable, distributed revision control system

Details:

USN-7207-1 fixed vulnerabilities in Git. This update provides the
corresponding updates for Ubuntu 20.04 LTS.

Original advisory details:

  It was discovered that Git incorrectly handled certain URLs when
  asking for credentials. An attacker could possibly use this
  issue to mislead the user into typing passwords for trusted
  sites that would then be sent to untrusted sites instead.
  (CVE-2024-50349)
   It was discovered that git incorrectly handled line endings when
  using credential helpers. (CVE-2024-52006)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
   git                             1:2.25.1-1ubuntu3.14

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7207-2
   https://ubuntu.com/security/notices/USN-7207-1
   CVE-2024-50349, CVE-2024-52006

Package Information:
   https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.14

--------------1GCqQk4nzD0fTyV2xOvbaGtE--

--------------AsfY1QvYquBiVcPK80IUA0bx
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmfAqPwFAwAAAAAACgkQZWnYVadEvpMB
6Q/+OYtuxrr29ZUghYThD+ms6crUSdC+oKVErdvNluiOMeQOJkdZelMqRzF5bYqE9yZmOr0EjUfa
5ISx8tnc5CGbsWz2ufiQT8UzxUrfIxvgyyrIZTMY1YEttiExn4Heduv4tV0WzWuAtBguBEAvxq2e
RmrcjP/ZWftIl+Toljo5VQSAjtQZWk2Vk9h3xhJA/U96Wx48+OPKWE3cD/qK6PzlOqPDvJaEFi7+
7fCFiFdjOTDc/si2Lq2/0d7sY6/CETvjcr0FGeyHSFStvboG+nEmYe7DRyZMZyoWIWtfU5Hjh2lX
BU3fdz3ln6CZApcwva8XamBwcmB2arDYPDEr9AZk2k9EuCBrz+hnpjDGPvjCFkTPaLRuEVwfRsWA
WpaicK1Tzm23ANR8NVCmIouz7CA6VVB/WnCzascsmMH0+xwweTqtb1nXFP5MzzZw9b6MQIGGHqpN
HEOyE0bKFJAkqvAu4mkYcRBZ7bfPGhsA7IA+hoyr5Svj7yWFYx3kxy3x6V+Vh3WBnhDx4U8BVU/8
XOOSxK51JMtQ4Kdi5kdcMUIjxPH1S7ya6/5zEKIlB/yPkkcV3hctH19Q2DAi5fyWBuhFDsxXn//9
aoYZ0unAWb6p/We71bpjvtL+PM5ESMZe1zDqBPX+tuz1++xnuLRvcaknUPP1AZ2lrR+KV+XFRw9U
o4w=
=ZYqu
-----END PGP SIGNATURE-----

--------------AsfY1QvYquBiVcPK80IUA0bx--


--===============0786149048879763464==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============0786149048879763464==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung