Home / mailings [USN-7964-1] Git vulnerabilities
Posted on 15 January 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-7964-1
January 15, 2026
git vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Git.
Software Description:
- git: fast, scalable, distributed revision control system
Details:
It was discovered that Git did not properly sanitize URLs when asking for
credentials via a terminal prompt. An attacker could possibly use this
issue to trick a user into disclosing their password. (CVE-2024-50349)
It was discovered that Git did not properly handle carriage return
characters in its credential protocol. An attacker could use this issue to
send unexpected data to credential helpers, possibly leading to a user
being tricked into disclosing sensitive information. (CVE-2024-52006)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
git 1:2.17.1-1ubuntu0.18+esm6
Available with Ubuntu Pro
Ubuntu 16.04 LTS
git 1:2.7.4-0ubuntu1.10+esm13
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7964-1
CVE-2024-50349, CVE-2024-52006
--===============7745386915824198697==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
