Recently discovered vulnerabilities in Git, disclosed late last month (CVE-2016-2315, CVE-2016-2324), expose Git repositories to remote code execution that could allow an attacker to compromise servers used for source control.
As a provider of server hosting for developers and Git users, Future Hosting is concerned that the vulnerabilities have not been widely publicized, leaving many developers and projects vulnerable.
The vulnerabilities are present in the Git 2.x, 1.9, and 1.7 branches. Git users should immediately update both Git servers and clients using their Linux distribution’s package manager. Most major distributions, including CentOS, now have patched versions in their repositories.
“Future Hosting provides managed hosting services for thousands of developers and software projects, with both self-hosted Git repositories and BitBucket SaaS hosting plans,” said Maulesh Patel, VP of Operations at Future Hosting. “We want to ensure that developers are aware of the potential risks and that they update all Git clients and servers as soon as possible.”
Git is used by millions of developers and, since its initial release by Linux creator Linus Torvalds, has become the de facto standard for open source version control. Many popular open source and proprietary software projects use GitHub. Any exploitable vulnerability could put those projects at risk.
Founded in 2001, Future Hosting is based in Southfield, Michigan. The hosting provider specializes in managed hosting, with services including dedicated servers, virtual private servers (VPS hosting), and hybrid virtual private servers.