Mageia: 2020-0175 Critical: Git Malicious URL Security Update

mageia

April 16, 2020

With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host

Summary

With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol (CVE-2020-5260).

References

- https://bugs.mageia.org/show_bug.cgi?id=26483

- https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q

- https://www.cve.org/CVERecord?id=CVE-2020-5260

Topics Covered

security advisory credential issue malicious URL git update Mageia

Resolution

SRPMS

- 7/core/git-2.21.2-1.mga7

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 16 Apr 2020

URL: https://advisories.mageia.org/MGASA-2020-0175.html

Type: security

CVE: CVE-2020-5260

Topics Covered

security advisory credential issue malicious URL git update Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks