Slashdot Mirror


Critical Git Security Vulnerability Announced

An anonymous reader writes: GitHub has announced a security vulnerability and has encouraged users to update their Git clients as soon as possible. The blog post reads in part: "A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem. ... Updated versions of GitHub for Windows and GitHub for Mac are available for immediate download, and both contain the security fix on the Desktop application itself and on the bundled version of the Git command-line client."
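
A check a defender could run over the path listing of an untrusted tree before checking it out on a case-insensitive filesystem, as an added example that is not part of the GitHub post or of Git itself: it flags path components that case-fold to `.git` and paths that differ only by case. It covers case variation only, as described in the summary above; the function names and the sample listing are constructed for illustration.

```python
from collections import defaultdict


def split_components(path):
    """Split on '/' and '\\' (Windows accepts both as separators)."""
    return [c for c in path.replace("\\", "/").split("/") if c]


def dotgit_aliases(paths):
    """Return paths containing a component that case-folds to '.git'.

    On a case-insensitive filesystem such a component resolves to the
    repository's own metadata directory, so a checkout would write into it.
    """
    flagged = []
    for path in paths:
        if any(c.casefold() == ".git" for c in split_components(path)):
            flagged.append(path)
    return flagged


def case_collisions(paths):
    """Group paths that differ only by case and would share one file on disk."""
    groups = defaultdict(set)
    for path in paths:
        key = "/".join(c.casefold() for c in split_components(path))
        groups[key].add(path)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample listing, in the form printed by
# `git ls-tree -r --name-only <commit>`.
SAMPLE_TREE = [
    "README.md",
    "src/main.c",
    ".GIT/config",
    "vendor/lib/.Git/config",
    "Makefile",
    "makefile",
    ".gitignore",
    ".github/workflows/ci.yml",
]

if __name__ == "__main__":
    for path in dotgit_aliases(SAMPLE_TREE):
        print("resolves into .git on a case-insensitive filesystem:", path)
    for group in case_collisions(SAMPLE_TREE):
        print("paths differing only by case:", ", ".join(group))
```

Names such as `.gitignore` and `.github` are not flagged, because the comparison is on whole path components rather than prefixes.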

2 of 148 comments

  1. Re:Unrelated to Github by Anonymous Coward · Score: 0, Troll

    Do you even comprehend that there are computers in this world that aren't exactly the same as the Linux rig in your basement, narrow-minded nerd?

  2. Re:Case-insensitive file systems... by marcello_dl · Score: 1, Troll

    I boot Linux from a vfat-formatted USB stick, you case-insensitive clod.

    --
    ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol