[GitHub] Vulnerability announced: update your Git clients - Overclock.net - An Overclocking Community

Forum Jump: 

[GitHub] Vulnerability announced: update your Git clients

 
Thread Tools
post #1 of 2 (permalink) Old 12-19-2014, 09:46 AM - Thread Starter
New to Overclock.net
 
Shrak's Avatar
 
Join Date: Dec 2011
Location: Nixers / Reddit
Posts: 10,323
Rep: 605 (Unique: 370)
Source
Quote:
A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected.

The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem.

We strongly encourage all users of GitHub and GitHub Enterprise to update their Git clients as soon as possible, and to be particularly careful when cloning or accessing Git repositories hosted on unsafe or untrusted hosts.

For the many Git users out there thumb.gif
Shrak is offline  
Sponsored Links
Advertisement
 
post #2 of 2 (permalink) Old 12-19-2014, 09:51 AM
New to Overclock.net
 
SectorNine50's Avatar
 
Join Date: Aug 2010
Location: Oregon, USA
Posts: 3,846
Rep: 188 (Unique: 141)
Nice thing about GitHub for Windows is that it auto-updates when you open it... biggrin.gif

Quote:
The Dalai Lama, when asked what surprised him most about humanity, answered, “Man. Because he sacrifices his health in order to make money. Then he sacrifices money to recuperate his health. And then he is so anxious about the future that he does not enjoy the present; the result being that he does not live in the present or the future; he lives as if he is never going to die, and then dies having never really lived.”


SectorNine50 is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off