Ubuntu 18.04: Git Critical Credential Issues USN-7964-1 CVE-2024-50349
ubuntu
January 15, 2026
Several security issues were fixed in Git.
Summary
Several security issues were fixed in Git.
Software Description:
- git: fast, scalable, distributed revision control system
Details:
It was discovered that Git did not properly sanitize URLs when asking for
credentials via a terminal prompt. An attacker could possibly use this
issue to trick a user into disclosing their password. (CVE-2024-50349)
It was discovered that Git did not properly handle carriage return
characters in its credential protocol. An attacker could use this issue to
send unexpected data to credential helpers, possibly leading to a user
being tricked into disclosing sensitive information. (CVE-2024-52006)
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
git 1:2.17.1-1ubuntu0.18+esm6
Available with Ubuntu Pro
Ubuntu 16.04 LTS
git 1:2.7.4-0ubuntu1.10+esm13
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.References
https://ubuntu.com/security/notices/USN-7964-1
CVE-2024-50349, CVE-2024-52006
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-7964-1
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!