Kev kho qhov tso tawm ntawm qhov kev faib tawm tswj qhov system Git 2.35.2, 2.30.3, 2.31.2, 2.32.1, 2.33.2 thiab 2.34.2 tau luam tawm, uas ob qhov tsis zoo raug kho:
- CVE-2022-24765 - Ib qho kev tawm tsam tau raug txheeb xyuas ntawm ntau tus neeg siv tshuab nrog cov npe sib koom uas tuaj yeem ua rau kev ua tiav ntawm cov lus txib uas txhais los ntawm lwm tus neeg siv. Tus neeg tawm tsam tuaj yeem tsim ".git" directory hauv qhov chaw uas cuam tshuam nrog lwm tus neeg siv (piv txwv li, hauv cov npe sib koom lossis cov npe nrog cov ntaub ntawv ib ntus) thiab tso cov ntaub ntawv ".git/config" configuration rau hauv nws nrog kev teeb tsa ntawm cov neeg tuav haujlwm uas yog hu ua thaum qee yam haujlwm raug tua.git cov lus txib (piv txwv li, koj tuaj yeem siv core.fsmonitor parameter los teeb tsa cov lej ua tiav).
Cov neeg ua haujlwm tau teev tseg hauv ".git/config" yuav raug hu ua tus neeg siv sib txawv yog tias tus neeg siv nkag mus rau git hauv ib phau ntawv siab dua ".git" subdirectory tsim los ntawm tus neeg tawm tsam. Nrog rau kev hu tuaj yeem ua tsis ncaj, piv txwv li, thaum siv code editors nrog git kev txhawb nqa, xws li VS Code thiab Atom, lossis thaum siv add-ons uas ua rau "git status" (piv txwv li, Git Bash lossis posh-git). Hauv version Git 2.35.2, qhov tsis muaj zog tau raug thaiv los ntawm kev hloov pauv ntawm kev tshawb nrhiav ".git" hauv cov npe hauv qab (cov ntawv ".git" tam sim no tsis quav ntsej yog tias nws yog lwm tus neeg siv).
- CVE-2022-24767 yog Windows platform-specific vulnerability uas tso cai rau cov cai ua tiav nrog SYSTEM cov cai thaum khiav lub Uninstall kev ua haujlwm ntawm Git rau Windows. Qhov teeb meem yog tshwm sim los ntawm lub uninstaller khiav nyob rau hauv ib ntus directory sau los ntawm cov neeg siv system. Qhov kev tawm tsam yog ua los ntawm kev hloov DLLs rau hauv cov npe ib ntus, uas yuav raug thauj thaum lub uninstaller khiav nrog SYSTEM txoj cai.
Tau qhov twg los: opennet.ru