CloudForge Vulnerability Communication - Git client issue

CloudForge has been made aware of a vulnerability in Git clients. This vulnerability affects all versions of Git clients and Git-compatible clients that access Git repositories on a case-insensitive file system. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution on the client machine. This is a client-side vulnerability and does not affect Git servers. Git clients running on Windows and Mac OS X are affected by this vulnerability. Please find more information here:

http://article.gmane.org/gmane.linux.kernel/1853266

We recommend that you update your Git clients to v2.2.1 as soon as possible to avoid this security vulnerability.
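As an added example (not CloudForge's or the Git project's code), the following Python check flags tree paths containing a component that equals `.git` once letter case is ignored, which is the collision with `.git/config` described above. It covers only that case-variant check; the function names are hypothetical and `SAMPLE_PATHS` is constructed.

```python
import subprocess


def risky_components(path):
    """Return the components of a tree path that equal '.git' ignoring case."""
    return [part for part in path.split("/") if part.lower() == ".git"]


def find_dotgit_collisions(paths):
    """Map each offending path to the components that a case-insensitive
    file system would resolve to the repository's own .git directory."""
    hits = {}
    for path in paths:
        bad = risky_components(path)
        if bad:
            hits[path] = bad
    return hits


def list_tree_paths(repo_dir, rev="HEAD"):
    """List every file path recorded in a revision's tree.

    Reads the object database only, so it also works on a bare clone
    that has no checked-out work tree.
    """
    out = subprocess.run(
        ["git", "-C", repo_dir, "ls-tree", "-r", "--name-only", "-z", rev],
        check=True,
        capture_output=True,
    ).stdout
    return [p.decode("utf-8", "surrogateescape") for p in out.split(b"\0") if p]


# Constructed sample of tree paths (not taken from any real repository).
SAMPLE_PATHS = [
    "README.md",
    "src/.gitignore",                 # not flagged: component is not '.git'
    ".github/workflows/ci.yml",       # not flagged: component is not '.git'
    ".Git/config",                    # flagged: case variant of .git
    "docs/.GIT/hooks/post-checkout",  # flagged: variant below the top level
    "vendor/lib/.git/config",         # flagged: literal .git inside a tree
]

if __name__ == "__main__":
    for path, parts in sorted(find_dotgit_collisions(SAMPLE_PATHS).items()):
        print(f"suspicious tree entry: {path} (components: {', '.join(parts)})")
```

To scan a real repository, pass the result of `list_tree_paths(repo_dir, rev)` to `find_dotgit_collisions` for each revision of interest.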

For GitEye users, GitEye 1.9.0, released today, includes a fix for this vulnerability. More information on this client version can be found here:

https://ctf.open.collab.net/sf/go/post16496
https://ctf.open.collab.net/sf/wiki/do/viewPage/projects.giteye/wiki/ReleaseNotes

If you have any questions or need additional information, please feel free to contact support.

PS: Please ignore this message if you do not use the Git version control system, or if you use a Git client on Linux.
