Security Update to Git 2.7.4 and OpenSSH 7.2.p2

We have updated some components of STACK to ensure better security compliance.

  • Updated Git version 2.7.4. Per the release notes: Bugfix patches were backported from the ‘master’ front to plug heap corruption holes, to catch integer overflow in the computation of pathname lengths, and to get rid of the name_path API. Both of these would have resulted in writing over an under-allocated buffer when formulating pathnames while tree traversal. (source: https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt)

  • Updated OpenSSH library version 7.2.p2 due to several security risks that appeared since 2016. OpenSSH version 7 and onwards disabled DSA keys authentication by default. At this point we allow DSA keys to authenticate but in the near future we will disable them due to the standard for new keys being RSA. More information about this update https://www.openssh.com/security.html

Please let us know how we’re doing by adding a comment, emailing us at support, or by tweeting us @unfuddle. As always, we continue to improve Unfuddle STACK so that you can get your best stuff done.

The Unfuddle Team
We bring your projects to LIFE!