Update anything on the desktop that touches GitHub if you want to live
GitHub has acknowledged there's a flaw in its client software and recommended that users upgrade as soon as possible.
News of the flaw was announced at GMANE, and GitHub has confirmed the existence of the flaw and issued a recommendation for “all users of GitHub and GitHub Enterprise to update their Git clients as soon as possible.”
The flaw means “An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine.”
“Linux clients are not affected if they run in a case-sensitive filesystem,” the service's warning reads, but are nonetheless encouraged to upgrade. Windows and Mac OS users have no excuse not to upgrade, as “Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability.”
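A defender's check for the condition described above, as an added example that is not from GitHub's advisory or the Git project: it flags tree paths with a component that equals `.git` when case is ignored, which is the collision a case-insensitive filesystem makes possible. The function names and sample paths are constructed for illustration, and the check covers only the case-insensitivity condition quoted above.

```python
import subprocess

# Constructed sample: paths as `git ls-tree -r --name-only` would list them.
SAMPLE_PATHS = [
    "README.md",
    "src/main.c",
    ".gitignore",                           # different name, not ".git"
    ".Git/config",                          # equals .git/config if case is ignored
    "vendor/lib/.GIT/hooks/post-checkout",  # same collision, nested deeper
    "docs/.git",                            # exact match is flagged as well
]


def suspicious_paths(paths):
    """Return the paths that contain a component equal to ".git" ignoring case."""
    hits = []
    for path in paths:
        # Treat "\" as a separator too, because Windows does.
        components = path.replace("\\", "/").split("/")
        if any(c.casefold() == ".git" for c in components):
            hits.append(path)
    return hits


def tree_paths(repo_dir, rev="HEAD"):
    """List every file path recorded in `rev` without checking anything out.

    Intended for a bare clone, where no working tree is written.
    """
    out = subprocess.run(
        ["git", "-C", repo_dir, "ls-tree", "-r", "-z", "--name-only", rev],
        check=True,
        capture_output=True,
    ).stdout
    # -z separates entries with NUL, so odd characters in names survive intact.
    return [p.decode("utf-8", "surrogateescape") for p in out.split(b"\0") if p]


if __name__ == "__main__":
    for hit in suspicious_paths(SAMPLE_PATHS):
        print("suspicious tree entry:", hit)
```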