[Freeswitch-users] Git Critical Vulnerability Announce!

[Ken Rice]

New Post on freeswitch.org from krice387
check it out at http://ift.tt/1wILkXi
Git Critical Vulnerability Announce!
The Git Team has released a new version of Git to address a critical security vulnerability.

>From the Github description of the problem:

A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected.

The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem.

For more information, see:http://ift.tt/1z9v0RBhttp://ift.tt/1x3mUK2

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20141218/e50a9219/attachment.html