GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Thu Apr 23, 2020 5:26 pm Post subject: [ GLSA 202004-13 ] Git
Gentoo Linux Security Advisory
Title: Git: Information disclosure (GLSA 202004-13)
Severity: low
Exploitable: remote
Date: 2020-04-23
Bug(s): #717156, #718710
ID: 202004-13
Synopsis
Multiple vulnerabilities have been found in Git which might all
allow attackers to access sensitive information.
Background
Git is a free and open source distributed version control system
designed to handle everything from small to very large projects with
speed and efficiency.
Affected Packages
Package: dev-vcs/git
Vulnerable: < 2.26.2
Unaffected: >= 2.23.3 < 2.23.4
Unaffected: >= 2.24.3 < 2.24.4
Unaffected: >= 2.25.4 < 2.25.5
Unaffected: >= 2.26.2 < 2.26.3
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Git. Please review the
CVE identifiers referenced below for details.
Impact
A remote attacker, by providing a specially crafted URL, could possibly
trick Git into returning credential information for a wrong host.
Workaround
Disabling credential helpers will prevent this vulnerability.
Resolution
All Git 2.23.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-2.23.3"
All Git 2.24.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-2.24.3"
All Git 2.25.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-2.25.4"
All Git 2.26.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-2.26.2"
References
CVE-2020-11008
CVE-2020-5260
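The version table under Affected Packages and the Workaround, as an added shell example (not part of the advisory or of Gentoo's tooling): it applies the table as written to a plain x.y.z version and lists any configured credential helpers. The function names are hypothetical, and Gentoo revision suffixes such as -r1 are ignored.

```sh
#!/bin/sh
# Added example: classify a Git version against the GLSA 202004-13 table.
# Function names are hypothetical; only plain x.y.z versions are parsed.

# ver_key X.Y.Z -> integer sort key, e.g. 2.25.4 -> 2025004
ver_key() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    printf '%d%03d%03d\n' "$1" "$2" "$3"
}

# Prints "unaffected", "vulnerable" or "unknown" for the given version.
glsa_202004_13_status() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$v" ] || { echo unknown; return 0; }
    k=$(ver_key "$v")
    # Not below 2.26.2: outside the "Vulnerable: < 2.26.2" range.
    if [ "$k" -ge "$(ver_key 2.26.2)" ]; then echo unaffected; return 0; fi
    # Fixed maintenance releases, the ">= low < high" rows of the table.
    for range in 2.23.3:2.23.4 2.24.3:2.24.4 2.25.4:2.25.5; do
        lo=$(ver_key "${range%%:*}"); hi=$(ver_key "${range##*:}")
        if [ "$k" -ge "$lo" ] && [ "$k" -lt "$hi" ]; then
            echo unaffected; return 0
        fi
    done
    echo vulnerable
}

# Report the local Git and any configured credential helpers (Workaround).
report_local_git() {
    installed=$(git --version 2>/dev/null | awk '{print $3}')
    echo "git $installed: $(glsa_202004_13_status "$installed")"
    helpers=$(git config --show-origin --get-all credential.helper 2>/dev/null || true)
    if [ -n "$helpers" ]; then
        echo "credential helpers configured (file, then helper):"
        echo "$helpers"
    else
        echo "no credential helper configured"
    fi
}

if command -v git >/dev/null 2>&1; then report_local_git; fi
```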