Overclock.net banner

1 - 2 of 2 Posts

·
Premium Member
Joined
·
10,324 Posts
Discussion Starter · #1 ·
Source
Quote:
A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected.

The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem.

We strongly encourage all users of GitHub and GitHub Enterprise to update their Git clients as soon as possible, and to be particularly careful when cloning or accessing Git repositories hosted on unsafe or untrusted hosts.
For the many Git users out there
thumb.gif
 

·
Registered
Joined
·
3,848 Posts
Nice thing about GitHub for Windows is that it auto-updates when you open it...
biggrin.gif
 
1 - 2 of 2 Posts
Top