Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Git Releases Security Update With Newline Character Creating Possible Credential Leak

Written by Michael Larabel in Programming on 14 April 2020 at 02:14 PM EDT. Add A Comment

PROGRAMMING

Git 2.26.1 along with new point releases going back to Git 2.17 were issued today as a result of a security issue.

A member of Google's Project Zero team discovered that a specially crafted URL could trick the Git client into sending credential information for an alternative host to an attacker's host.

In this case, the specially crafted URL just needs to contain a newline character (end of line control character) to fool the credential handling on existing Git releases to potentially sending the data off to an alternate host.

With today's emergency updates to Git, the credential protocol code is now rightfully forbidding newline characters in any values. With this vulnerability while it may be easy to spot a forged URL if running the Git clone yourself, this vulnerability was also exposed as part of Git sub-module handling and other operations relying on the credential helper.

This Git credential issue was tracked as CVE-2020-5260. So update Git to avoid this potential malicious disclosure of your Git server user credentials.

Add A Comment

Related News

Rust Linux Kernel Code Prepares For CPU Mitigations Handling

Pingora 0.3 Released With Support For HTTP Modules

Git 2.46-rc0 Continues Preparations For Switching To SHA256 By Default WIth Git 3.0

Mold Linker Gains New Option To Deliver "Massively Faster" Performance

LPython 0.22 Released For Ahead-Of-Time Compiler For Python

The Linux Kernel Matures To Having A Minimum Rust Toolchain Version

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

EXT4 Has A Very Nice Performance Optimization For Linux 6.11

Microsoft's WSL 2.3.11 Brings "Hundreds Of New Kernel Modules" & New Features

systemd Talks Up Automatic Boot Assessment In Light Of The Crowdstrike-Microsoft Outage

XZ Patches For The Linux Kernel Updated, Drops "Jia Tan" As A Maintainer

New Linux Patches Enable The Snapdragon X1 Elite Powered Lenovo ThinkPad T14s Gen 6

KDE Developers Tackle The Five Most Common Plasma Crashes

USB & Thunderbolt Improvements Land In Linux 6.11

NVIDIA 560 Linux Driver Beta Released - Defaults To Open GPU Kernel Modules