The following important security vulnerability has been fixed in the 11.10.352 release:
gethostbyname
. Also known as the GHOST vulnerability.Qualys researchers have found a buffer overflow vulnerability in the gethostbyname
function in the C standard library that could allow remote code execution under some circumstances. There is currently no known way to exploit GitHub Enterprise remotely using this vulnerability, as many services don't use gethostbyname
in a way that is exploitable. However, as a precaution we recommend upgrading to this latest patch release or to a later version.
If you have any questions, please contact support at enterprise@github.com
Thanks!
The GitHub Team