GitHub Enterprise 11.10.327
December 04, 2013
- CRIT: Updated Java and other system packages to address critical vulnerabilities.
- CRIT: Updated Ruby to protect against a buffer overflow vulnerability.
- CRIT: Fixed a bug where a user could craft a special request that would allow arbitrary command execution on the appliance.
- HIGH: Updated Git for 32-bit and 64-bit installs to prevent a buffer overflow under some conditions.
- HIGH: Kernel updated to prevent an exploit where an SSH user on the appliance could potentially gain elevated root permissions.
- HIGH: Fixed a bug in the API that would allow for brute-force password guessing.
- HIGH: Updated Gist to address new Rails security vulnerabilities.
- LOW: Fixed a bug that allowed users to inject LDAP filters into the username field on the login page.
- LOW: Fixed an issue where a Gist's content wasn't filtered correctly and therefore appeared in the log files.