Vulnerabilities in Git that allow files to be read and overwritten

Corrective releases of the distributed version control system Git 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7 and 2.30.8 have been published, fixing two vulnerabilities that affect the local cloning optimizations and the "git apply" command. The release of package updates in distributions can be tracked on the pages of Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch and FreeBSD. If the update cannot be installed, the recommended workaround is to avoid running "git clone" with the "--recurse-submodules" option on untrusted repositories, and to avoid using the "git apply" and "git am" commands on untrusted code.
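The list of fixed releases above is easier to act on with a small version check. The script below is an added example, not code from the article or from the Git project: it takes a version string such as the output of "git --version", compares it against the fixed patch level of its 2.x series as listed above, and treats anything older than the 2.30 series, or anything it cannot parse, as unfixed. Versions from series newer than 2.38 are assumed to carry the fix.

```shell
#!/bin/sh
# Added example, not from the article or the Git project: decide whether a
# Git version string already carries the fixes for CVE-2023-22490 and
# CVE-2023-23946 by comparing it against the fixed releases listed above.

# First fixed patch level for each maintained 2.x series (from the list above).
fixed_patch_for_minor() {
    case "$1" in
        38) echo 4 ;;
        37) echo 6 ;;
        36) echo 5 ;;
        35) echo 7 ;;
        34) echo 7 ;;
        33) echo 7 ;;
        32) echo 6 ;;
        31) echo 7 ;;
        30) echo 8 ;;
        *)  echo "" ;;   # series without a fixed release in the list
    esac
}

# git_is_fixed "2.38.4" or git_is_fixed "git version 2.39.1.windows.1":
# exit status 0 when the version is at or above the fix, 1 otherwise.
# Series older than 2.30 and unparsable strings count as unfixed; any
# series newer than 2.38 is assumed to include the fix.
git_is_fixed() {
    v=${1#git version }
    v=${v%%[!0-9.]*}      # drop suffixes such as ".windows.1" or "-rc1"
    v=${v%.}              # and the trailing dot the previous step may leave
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # "2.39" has no patch component
    patch=${patch%%.*}
    for part in "$major" "$minor" "$patch"; do
        case "$part" in ''|*[!0-9]*) return 1 ;; esac   # not numeric
    done
    [ "$major" -gt 2 ] && return 0
    [ "$major" -lt 2 ] && return 1
    [ "$minor" -gt 38 ] && return 0
    need=$(fixed_patch_for_minor "$minor")
    [ -n "$need" ] || return 1
    [ "$patch" -ge "$need" ]
}

# Stand-alone use: report on the Git installed on this machine, if any.
if command -v git >/dev/null 2>&1; then
    if git_is_fixed "$(git --version)"; then
        echo "installed git is at or above the fixed release"
    else
        echo "installed git predates the fixed releases"
    fi
fi
```

The check only answers whether the upstream release carries the fix; distributions that backport patches without bumping the version are covered by the distribution pages named above, not by this script.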

  • The CVE-2023-22490 vulnerability allows an attacker who controls the contents of a cloned repository to gain access to sensitive data on the user's system. Two flaws combine to produce the vulnerability:

    The first flaw makes it possible, when working with a specially crafted repository, to trigger the local cloning optimizations even though a transport that interacts with external systems is in use.

    The second flaw allows a symbolic link to be placed in place of the $GIT_DIR/objects directory. This is similar to vulnerability CVE-2022-39253, whose fix blocked the placement of symbolic links inside $GIT_DIR/objects but did not check whether the $GIT_DIR/objects directory itself might be a symbolic link.

    In local cloning mode, git copies $GIT_DIR/objects into the target directory while dereferencing symbolic links, so the files they point to are copied straight into the target directory. Enabling the local cloning optimizations for a non-local transport makes it possible to exploit the flaw when working with external repositories (for example, recursively including submodules with the "git clone --recurse-submodules" command can lead to cloning a malicious repository packaged as a submodule of another repository).

  • The CVE-2023-23946 vulnerability allows the contents of files outside the working tree to be overwritten by passing specially crafted input to the "git apply" command. For example, an attack can be carried out when a patch prepared by the attacker is applied with "git apply". To prevent patches from creating files outside the working tree, "git apply" refuses to process patches that attempt to write files through symbolic links. It turned out, however, that this protection could be bypassed by creating the symbolic link first.
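For anyone who must keep applying patches from outside sources before the update lands, a screening step in front of "git apply" or "git am" makes the pattern described above visible. The script below is an added example, not code from the article or the Git project: it reads a unified diff, reports every symbolic link the patch creates (git marks these with "new file mode 120000"), every path that points outside the work tree, and every file written underneath a symbolic link that the same patch introduces. The two patches it runs on are constructed samples written inline for the demonstration, not patches taken from anywhere.

```shell
#!/bin/sh
# Added example, not from the article or the Git project: screen a patch
# before it is handed to "git apply" or "git am". It reports symlinks the
# patch creates, paths that leave the work tree, and files written under a
# symlink introduced by the same patch, the pattern behind CVE-2023-23946.

# screen_patch FILE: prints one line per finding; exit status 0 when the
# patch is clean, 1 when at least one finding was reported.
screen_patch() {
    awk '
        BEGIN { n = 0; found = 0 }
        # "diff --git a/PATH b/PATH": record PATH (assumes paths without spaces)
        /^diff --git / { n++; paths[n] = $4; sub(/^b\//, "", paths[n]) }
        # mode 120000 is how git marks a symbolic link in a diff
        /^new file mode 120000/ { links[paths[n]] = 1 }
        END {
            for (i = 1; i <= n; i++) {
                p = paths[i]
                if (p in links) { print "symlink created: " p; found = 1 }
                if (p ~ /^\// || p ~ /^\.\.\// || index(p, "/../") > 0) {
                    print "path escapes the work tree: " p; found = 1
                }
                for (l in links)
                    if (index(p, l "/") == 1) {
                        print "write through symlink " l ": " p; found = 1
                    }
            }
            exit found
        }
    ' "$1"
}

# Constructed sample input (not a real patch from anywhere): a symlink
# docs/latest -> v2 followed by a file written underneath that symlink.
SAMPLE_PATCH=$(mktemp)
cat > "$SAMPLE_PATCH" <<'EOF'
diff --git a/docs/latest b/docs/latest
new file mode 120000
--- /dev/null
+++ b/docs/latest
@@ -0,0 +1 @@
+v2
\ No newline at end of file
diff --git a/docs/latest/README.md b/docs/latest/README.md
new file mode 100644
--- /dev/null
+++ b/docs/latest/README.md
@@ -0,0 +1 @@
+constructed sample
EOF

# Constructed clean patch for comparison: an ordinary edit to a regular file.
CLEAN_PATCH=$(mktemp)
cat > "$CLEAN_PATCH" <<'EOF'
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1 +1 @@
-old line
+new line
EOF

# Stand-alone use: screen both samples and say which one would be blocked.
for f in "$SAMPLE_PATCH" "$CLEAN_PATCH"; do
    if screen_patch "$f"; then echo "clean: $f"; else echo "blocked: $f"; fi
done
```

The screen is a stop-gap for the workaround period only: a symbolic link created by a patch is not wrong in itself, so findings call for a manual look rather than automatic rejection, and the fixed releases restore the check inside "git apply" where it belongs.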

Source: opennet.ru
