SoylentNews

Critical Git Bug Allows Malicious Code Execution on Client Machines

posted by Blackmoore on Monday December 22 2014, @08:00PM   
from the get-out-the-ddt dept.

martyb writes:

Found on Ars Technica — "Critical Git bug allows malicious code execution on client machines":

Developers who use the official Git client and related software are being urged to install a security update that kills a bug that could allow attackers to hijack end-user computers.

The critical vulnerability affects all Windows- and Mac-based versions of the official Git client and related software that interacts with Git repositories, according to an advisory published Thursday. The bug can be exploited to give remote code execution when the client software accesses booby-trapped Git repositories.

• Re:I understand that Linus hates C++ with a passio Re:I understand that Linus hates C++ with a passio (Score: 4, Informative) by tibman on Monday December 22 2014, @09:47PM

  by tibman (134) on Monday December 22 2014, @09:47PM (#128490)

  The vulnerability is really outside the project and lies with the filesystem. Git tries to write a file called abc and the filesystem overwrites a file called ABC. The language used is immaterial in this case. Good attempt at some kind of flamebait though : )

  --
  SN won't survive on lurkers alone. Write comments.

  Parent

  Starting Score:	1		point
  Moderation		+2
  Informative=2, Total=2
  Extra 'Informative' Modifier		0
  Karma-Bonus Modifier		+1
  Total Score:		4

• Linus should have considered case-insensitive file Linus should have considered case-insensitive file (Score: 1) by MichaelDavidCrawford on Monday December 22 2014, @09:51PM

  by MichaelDavidCrawford (2339) <mdcrawford@gmail.com> on Monday December 22 2014, @09:51PM (#128494) Homepage Journal

  -systems.

  While it's true that the native Linux filesystems are case-sensitive, it supports lots of case-insensitive ones. Not just from Microsoft, also Apple HFS, HFS+, BeOS BFS and so on.

  --
  Yes I Have No Bananas. [gofundme.com]

  Parent

  • Re:Linus should have considered case-insensitive f Re:Linus should have considered case-insensitive f (Score: 2) by pe1rxq on Monday December 22 2014, @09:56PM

    by pe1rxq (844) on Monday December 22 2014, @09:56PM (#128496) Homepage

    So first you accuse Linus of using the wrong language, now you accuse him of maintaining a kernel with support for to many filesystems????
    Are you aware that the operating systems which are vulnerable are macos and windows? Both of which do not run the linux kernel?

    What will be youre next try?

    Parent

    • I understand that English is not his Mother Tongue I understand that English is not his Mother Tongue (Score: -1, Troll) by MichaelDavidCrawford on Monday December 22 2014, @10:01PM

      by MichaelDavidCrawford (2339) <mdcrawford@gmail.com> on Monday December 22 2014, @10:01PM (#128499) Homepage Journal

      If he doesn't want to speak English he should go back to Finland.

      --
      Yes I Have No Bananas. [gofundme.com]

      Parent

      • Re:I understand that English is not his Mother Ton (Score: 2) by francois.barbier on Tuesday December 23 2014, @12:25PM

        by francois.barbier (651) on Tuesday December 23 2014, @12:25PM (#128638)

        Hahaha...
        Good one!

        Parent