Welcome to our new customer support portal!

 
 

CloudForge Support

Ashok Jan 5 CloudForge Server Status / Maintenance

CloudForge has been made aware of a vulnerability with Git clients. This vulnerability affects all versions of Git clients and Git-compatible clients that access Git repositories in a case-insensitive file system. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. This is a client-side vulnerability and does not affect Git servers. Git clients running on Windows and Mac OS X are affected by this vulnerability. Please find more information here:

http://article.gmane.org/gmane.linux.kernel/1853266

We recommend you to update your Git clients to v2.2.1 as soon as possible to avoid this security vulnerability.

For GitEye users, GitEye 1.9.0 was released today which includes a fix for this vulnerability. More information on this client version can be found here:

https://ctf.open.collab.net/sf/go/post16496
https://ctf.open.collab.net/sf/wiki/do/viewPage/projects.giteye/wiki/ReleaseNotes

If you have any questions or need additional information, please feel free to contact support.

PS: Please ignore this message if you do not use Git version control system or use Git client on Linux.

Ashok September 29, 2014 CloudForge Server Status / Maintenance

CloudForge has been made aware of a vulnerability affecting GNU Bash within Linux and UNIX operating systems. Bash shell is the most commonly used shell today in Linux & UNIX, the risk of impact from this vulnerability if left unchecked could be severe. Our Operations have already patched all our servers and no more action is required from user's.

To learn more about systems impact or remediation steps see,
CVE-2014-6271 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
CVE-2014-7169 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169
CVE-2014-7186 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7186
CVE-2014-7187 https://access.redhat.com/security/cve/CVE-2014-7187

If you have any questions or need additional information please feel free to contact ClousForge Support.

-CloudForge Support.

 

Overview | Recent