mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-10 22:21:11 +08:00
25 lines
1.6 KiB
Markdown
25 lines
1.6 KiB
Markdown
Git 2.2.1 Released To Fix Critical Security Issue
|
|
================================================================================
|
|
|
|
|
|
Git 2.2.1 was released this afternoon to fix a critical security vulnerability in Git clients. Fortunately, the vulnerability doesn't plague Unix/Linux users but rather OS X and Windows.
|
|
|
|
Today's Git vulnerability affects those using the Git client on case-insensitive file-systems. On case-insensitive platforms like Windows and OS X, committing to .Git/config could overwrite the user's .git/config and could lead to arbitrary code execution. Fortunately with most Phoronix readers out there running Linux, this isn't an issue thanks to case-sensitive file-systems.
|
|
|
|
Besides the attack vector from case insensitive file-systems, Windows and OS X's HFS+ would map some strings back to .git too if certain characters are present, which could lead to overwriting the Git config file. Git 2.2.1 addresses these issues.
|
|
|
|
More details via the [Git 2.2.1 release announcement][1] and [GitHub has additional details][2].
|
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
via: http://www.phoronix.com/scan.php?page=news_item&px=MTg2ODA
|
|
|
|
作者:[Michael Larabel][a]
|
|
译者:[译者ID](https://github.com/译者ID)
|
|
校对:[校对者ID](https://github.com/校对者ID)
|
|
|
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
|
|
|
[a]:http://www.michaellarabel.com/
|
|
[1]:http://article.gmane.org/gmane.linux.kernel/1853266
|
|
[2]:https://github.com/blog/1938-git-client-vulnerability-announced |