Vulnerabilities in Git when cloning submodules and using git shell

Corrective releases of the distributed version control system Git 2.38.1, 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3 and 2.37.4 have been published, fixing two vulnerabilities that manifest when running the "git clone" command in "--recurse-submodules" mode against untrusted repositories and when using the interactive "git shell" mode. You can track the release of package updates in distributions on the pages of Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch, FreeBSD.

  • CVE-2022-39253 - The vulnerability allows an attacker who controls the contents of a cloned repository to gain access to confidential files on the user's system by placing symbolic links to files of interest in the $GIT_DIR/objects directory of the cloned repository. The problem only manifests when cloning locally (in "--local" mode, used when the target and source of the clone are on the same partition) or when cloning a malicious repository packaged as a submodule of another repository (for example, when recursively including submodules with the "git clone --recurse-submodules" command).

    The vulnerability is caused by the fact that in "--local" cloning mode git transfers the contents of $GIT_DIR/objects to the target directory (creating hard links or copying files) while dereferencing symbolic links (i.e., as a result, it is not the symbolic links that end up in the target directory, but directly the files the links point to). To block the vulnerability, the new git releases refuse to clone repositories in "--local" mode that contain symbolic links in the $GIT_DIR/objects directory. In addition, the default value of the protocol.file.allow parameter has been changed to "user", which treats cloning operations over the file:// protocol as unsafe unless explicitly requested by the user.

  • CVE-2022-39260 - Integer overflow in the split_cmdline() function used in the "git shell" command. The problem can be used to attack users who have "git shell" as their login shell and interactive mode enabled (a $HOME/git-shell-commands directory has been created). Exploitation of the vulnerability can lead to code execution on the system when specially crafted commands larger than 2 GB in size are sent.
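The following script is an added example written for this page; it is not code from the article or from the Git project. It implements the defender-side checks that follow from both items above: before a "--local" clone it looks for symbolic links under a repository's objects/ directory (the condition patched git now refuses), it reads the effective protocol.file.allow value from a git config file without needing git installed, and it lists accounts whose login shell is git-shell and whose home has a git-shell-commands directory (the precondition for the "git shell" interactive-mode issue). All directories, config files and the passwd file it operates on are constructed inline as sample data; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the article or the Git project): audit helpers for
# the two conditions described in the advisory text above.

# objects_has_symlink DIR: succeeds (exit 0) when any symbolic link exists
# under DIR/objects. A patched git refuses a --local clone of such a
# repository; older versions dereferenced the link while copying objects.
objects_has_symlink() {
    [ -d "$1/objects" ] || return 1
    [ -n "$(find "$1/objects" -type l 2>/dev/null | head -n 1)" ]
}

# file_protocol_allow CONFIG_FILE: prints the protocol.file.allow value found
# in a git config file, or "user" (the post-fix default) when it is unset.
# Parsed with awk so the check runs on hosts without git.
file_protocol_allow() {
    awk '
        /^[[:space:]]*\[/ { sect = $0; gsub(/[[:space:]]/, "", sect); next }
        {
            line = $0; gsub(/[[:space:]]/, "", line)
            if (sect == "[protocol\"file\"]" && line ~ /^allow=/) {
                sub(/^allow=/, "", line); print line; found = 1; exit
            }
        }
        END { if (!found) print "user" }
    ' "$1"
}

# safe_to_local_clone DIR CONFIG_FILE: succeed only when DIR has no symlinks
# under objects/ and file:// is not unconditionally allowed ("always").
safe_to_local_clone() {
    objects_has_symlink "$1" && return 1
    [ "$(file_protocol_allow "$2")" != "always" ]
}

# git_shell_interactive_users PASSWD_FILE: print accounts whose login shell
# is git-shell and whose home directory contains git-shell-commands/.
git_shell_interactive_users() {
    while IFS=: read -r user _ _ _ _ home shell; do
        case "$shell" in
            */git-shell|git-shell)
                if [ -d "$home/git-shell-commands" ]; then echo "$user"; fi ;;
        esac
    done < "$1"
}

# --- constructed demo data (not real repositories or accounts) ---
demo=$(mktemp -d)
mkdir -p "$demo/evil/objects/pack" "$demo/clean/objects/pack"
printf 'sample secret\n' > "$demo/secret.txt"
# the symlink placement the advisory describes, planted in the sample repo
ln -s "$demo/secret.txt" "$demo/evil/objects/pack/leak"
printf '[protocol "file"]\n\tallow = always\n' > "$demo/weak.gitconfig"
printf '[core]\n\tfilemode = true\n' > "$demo/ok.gitconfig"
mkdir -p "$demo/home/alice/git-shell-commands" "$demo/home/bob"
printf 'alice:x:1001:1001::%s/home/alice:/usr/bin/git-shell\n' "$demo" > "$demo/passwd"
printf 'bob:x:1002:1002::%s/home/bob:/usr/bin/git-shell\n' "$demo" >> "$demo/passwd"

for r in evil clean; do
    if objects_has_symlink "$demo/$r"; then
        echo "$r: symlink under objects/ -> refuse --local clone"
    else
        echo "$r: objects/ contains no symlinks"
    fi
done
echo "weak.gitconfig: protocol.file.allow=$(file_protocol_allow "$demo/weak.gitconfig")"
echo "ok.gitconfig:   protocol.file.allow=$(file_protocol_allow "$demo/ok.gitconfig")"
echo "git-shell accounts with interactive mode: $(git_shell_interactive_users "$demo/passwd")"
rm -rf "$demo"
```

Run it as `sh check-git.sh`; in practice point objects_has_symlink at the source repository's .git directory (or the bare repository) before a local clone, file_protocol_allow at ~/.gitconfig or /etc/gitconfig, and git_shell_interactive_users at /etc/passwd.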

Source: opennet.ru
