A critical security vulnerability has been found affecting all versions of the Git client [1]. If not patched, remote repos could modify the .git config and execute commands on the system. The Git core team has announced maintenance releases for all current versions of Git (v1.8.5.6, v1.9.5, v2.0.5, v2.1.4, and v2.2.1).

Don’t forget, even if not used directly, Git is still utilised in many popular tools including:

Be careful when using remote repos. GitHub has scanned all repos and should therefore be considered safe.
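To check whether a client is already on one of the maintenance releases listed above, the following added example (not part of the original announcement or of Git itself) classifies a version string. The function names `ver_lt` and `git_patch_status` are hypothetical, and it assumes that releases newer than the 2.2 series carry the fix.

```shell
#!/bin/sh
# Added example: classify a Git version against the maintenance releases
# listed in the announcement (1.8.5.6, 1.9.5, 2.0.5, 2.1.4, 2.2.1).

# ver_lt A B: succeed when dotted numeric version A is lower than B.
ver_lt() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}          # leading component of each
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
        _x=${_x:-0}; _y=${_y:-0}            # missing component counts as 0
        [ "$_x" -lt "$_y" ] && return 0
        [ "$_x" -gt "$_y" ] && return 1
    done
    return 1                                # versions are equal
}

# git_patch_status TEXT: print patched, vulnerable or unknown for a bare
# version number or a full `git --version` line.
git_patch_status() {
    _v=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p')
    _v=${_v%.}                              # drop dot left by a vendor suffix
    [ -n "$_v" ] || { echo unknown; return 0; }
    case $_v in
        1.9|1.9.*) _fixed=1.9.5 ;;
        2.0|2.0.*) _fixed=2.0.5 ;;
        2.1|2.1.*) _fixed=2.1.4 ;;
        2.2|2.2.*) _fixed=2.2.1 ;;
        # Assumption: anything else is judged against the oldest fixed
        # release, so releases after the 2.2 series count as patched.
        *) _fixed=1.8.5.6 ;;
    esac
    if ver_lt "$_v" "$_fixed"; then echo vulnerable; else echo patched; fi
}

# Report on the locally installed client, if there is one.
if command -v git >/dev/null 2>&1; then
    echo "$(git --version): $(git_patch_status "$(git --version)")"
fi
```

Tools that bundle their own copy of Git need the same check against the binary they ship, not only the one on `PATH`.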

Fixing:

OS X

Using Homebrew:

$ brew update && brew upgrade git

Without Homebrew:

or

Ubuntu

$ sudo add-apt-repository ppa:git-core/ppa
$ sudo apt-get update
$ sudo apt-get install git

CentOS

$ sudo yum update git

Windows

Clients

  1. https://github.com/blog/1938-git-client-vulnerability-announced 
