Search results for: Search

Share your love for open source and learn how to get involved for a chance to win a GitHub hoodie.

This is the fourth and final post in a series about Ubuntu’s crash reporting system. We’ll review CVE-2019-11484, a vulnerability in whoopsie which enables a local attacker to get a shell as the whoopsie user, thereby gaining the ability to read any crash report.

This is the third post in a series about Ubuntu’s crash reporting system. We’ll review CVE-2019-15790, a vulnerability in apport that enables a local attacker to obtain the ASLR offsets for any process they can start (or restart).

This is the second post in our series about Ubuntu’s crash reporting system. We’ll review CVE-2019-7307, a TOCTOU vulnerability that enables a local attacker to include the contents of any file on the system in a crash report.

This post summarizes several security vulnerabilities in Ubuntu’s crash reporting system: CVE-2019-7307, CVE-2019-11476, CVE-2019-11481, CVE-2019-11484, CVE-2019-15790. When chained together, they allow an unprivileged user to read arbitrary files on the system.

IP allow lists gives you the ability to limit access to enterprise assets to an allowed set of source IPs, and it’s now available in public beta for GitHub Enterprise Cloud customers.

Learn more about what’s behind the scenes with GitHub vulnerability alerts.

We’re sharing the #myfirstrepo contest winners along with how you can easily find your first repository.

Keep GitHub Enterprise Server secure with our recommendations for security best practices, from password protection to logging and auditing.

When searching for Azure AD groups to synchronize with GitHub teams, you can now match groups by entering the group email address. Learn more about team synchronization

In this deep-dive, we identified and worked through sporadic latency issues with services running on Kubernetes in our environment.

On Day Two of GitHub Universe 2019, we announced GitHub Security Lab to bring together security researchers, maintainers, and companies across the industry who share our belief that the security of open source is important for everyone.

The GitHub Advisory Database is a new experience that allows you to browse or search for the vulnerabilities that GitHub knows about. The database contains all curated CVEs and security…

It’s our favorite time of year: GitHub Universe. And we’ve made some exciting announcements. GitHub Actions and Packages are now out of beta, we launched GitHub for mobile, redesigned the notifications experience, and introduced lots of other features we think you’ll love.

Celebrate a GitHub Action’s milestone with highlights of a few key actions and a technology partner’s work.

To celebrate 365 days of achievements, let’s look back at the code and communities built on GitHub this year.

Now out of beta, the internal repository visibility allows an enterprise-owned repository to be read by any member of any organization that belongs to an enterprise account.

Take a look at some of the new features in the latest Git release.

The 2019 theme for Game Off, our annual month-long game jam and hackathon for building games is LEAPS AND BOUNDS. Join now!

The internal repository visibility is now generally available. In addition to recent updates, we’ve added the following capabilities: Search now allows you to filter results for internal repositories using is:internal…

Our help documentation, covering topics on GitHub.com, GitHub Enterprise, GitHub Desktop, and GitHub Pages is now available in Brazilian Portuguese.