Update Git Client Right Now for Staying Secure!

Windows Articles

How to finish a task and force to close a program in Windows 10

Hello! We use numerous applications in Windows 10 on a daily basis. However, these programs can fail and crash. That is, it...

How to install Android on a USB key

Hi! Android is a very versatile mobile operating system because it is based on Linux kernel and other open-source software, it can...

Microsoft releases emergency update.

Security is one of the fundamental issues for Microsoft in Windows 10. In fact, since it was launched, the company has changed...

How to remove Windows 10 network credentials

Hi! Every time you access a website using Windows 10, a lot happens. In fact, the system will store the credentials to...

Top free apps for Windows 10

Hello! It is well known that Windows 10 is the most used operating system in the world. Indeed, there are many reasons...
Mel Khamlichi
Mel Khamlichihttp://www.osradar.com
Founder of Osradar, from Amsterdam Netherlands

Git is one of the most used software of every coder and advanced user’s life, right? It allows managing, building and exploring the world of different software and other services right from your device. Git is obviously a popular choice. Recently, Git client was updated that fixes a few really critical issues in the system.

The latest release of Git is currently v2.17.1. This and the future versions are likely to prevent security bugs CVE-2018-11235 and CVE-2018-11233. Among these two, the first one is the most dangerous, as it would allow a crook execute codes on a remote client.

You should update your Git client right now. If you’re using any other Git clients than the official one, you should update your software as soon as the vendor releases update.

Arbitrary code execution on users’ PCs

Using specially built Git submodule, a malicious actor could potentially execute codes on others’ PCs. When the user would clone the repo, the way of Git’s submodule handling should allow the execution.

Server-side fixes for Git hosting services

Git client isn’t the only bugged side here. Git’s server-side components are also patched up. This new fix allows the Git hosting service identify if there’re any malicious codes within the hosted repository(s) and sub-modules of those for preventing the potential attack.

According to Jeff King, a GitHub staff member, the server part was the heaviest to accomplish. The detection of the flaw also required a lot of refactoring. King worked on the Git patches where the other teammates worked on VSTS, JGit, and libgit2 etc.

Here’s an in-depth and technical explanation of the patched up vulnerability (CVE-2018-11235). The credit for discovering this vulnerability goes to Etienne Stalmans who reported the vulnerability via the bounty program of GitHub.

How to stay secured

The only way to stay safe now is to update your Git client and server (if you own) right now. Update your Git client right now. If you’re new to Git, learn how to install Git on your system.

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

How to finish a task and force to close a program in Windows 10

Hello! We use numerous applications in Windows 10 on a daily basis. However, these programs can fail and crash. That is, it...

How to install Android on a USB key

Hi! Android is a very versatile mobile operating system because it is based on Linux kernel and other open-source software, it can...

Microsoft releases emergency update.

Security is one of the fundamental issues for Microsoft in Windows 10. In fact, since it was launched, the company has changed...

How to remove Windows 10 network credentials

Hi! Every time you access a website using Windows 10, a lot happens. In fact, the system will store the credentials to...

Top free apps for Windows 10

Hello! It is well known that Windows 10 is the most used operating system in the world. Indeed, there are many reasons...
x