Git Security Issues

In "Remote Code Execution in all git versions (client + server) < 2.7.1: CVE-2016-2324, CVE-2016-2315" I came across the delightful CVE-2016-2315 and CVE-2016-2324, both of which are RCE-class vulnerabilities.

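Every version before Git 2.7.1 is affected. It looks like the problem was serious enough that the "Git v2.7.1 Release Notes", published on 2016/02/06, did not mention these two CVEs, which gave all vendors time to upgrade.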

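However, it looks like GitLab was not among the vendors that were notified, and had little choice but to push out a new release right after the CVEs went public. You need to upgrade to the latest version: "GitLab 8.5.7 Released".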


3 Responses to Git Security Issues

  1. Laël says:

    I made a mistake concerning the version:
    Even 2.7.3 contains path_name()

    So the only way to fix it is to draw your compilers and compile the current master branch at

  2. Pingback: Soft & Share Weekly Report-7 | Soft & Share

  3. Pingback: Xcode 7.3.1 has finally updated Git... | Gea-Suan Lin's BLOG
