Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.844393
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory for git (USN-4329-1)
Summary:The remote host is missing an update for the 'git'; package(s) announced via the USN-4329-1 advisory.
Description:Summary:
The remote host is missing an update for the 'git'
package(s) announced via the USN-4329-1 advisory.

Vulnerability Insight:
Felix Wilhelm discovered that Git incorrectly handled certain URLs that
included newlines. A remote attacker could possibly use this issue to trick
Git into returning credential information for a wrong host.

Affected Software/OS:
'git' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-5260
Debian Security Information: DSA-4657 (Google Search)
https://www.debian.org/security/2020/dsa-4657
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7TVS5UG6JD3MYIGSBKMIOS6AF7CR5IPI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPCEOIFLLEF24L6GLVJVFZX4CREDEHDF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/
https://security.gentoo.org/glsa/202004-13
http://packetstormsecurity.com/files/157250/Git-Credential-Helper-Protocol-Newline-Injection.html
https://github.com/git/git/commit/9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b
https://lore.kernel.org/git/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/
https://lists.debian.org/debian-lts-announce/2020/04/msg00010.html
http://www.openwall.com/lists/oss-security/2020/04/15/5
http://www.openwall.com/lists/oss-security/2020/04/15/6
http://www.openwall.com/lists/oss-security/2020/04/20/1
SuSE Security Announcement: openSUSE-SU-2020:0524 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00027.html
SuSE Security Announcement: openSUSE-SU-2020:0598 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
https://usn.ubuntu.com/4329-1/
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.