Vulnerabilities in Git that lead to data leakage and overwriting

Corrective releases of the distributed source control system Git 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7 and 2.30.8 have been published. They fix two vulnerabilities, which affect the local clone optimization and the "git apply" command. You can track the release of package updates in distributions on the pages of Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch, FreeBSD. If it is not possible to install the update, it is recommended to avoid running "git clone" with the "--recurse-submodules" option on untrusted repositories, and to avoid using the "git apply" and "git am" commands on untrusted repositories.

  • Vulnerability CVE-2023-22490 allows an attacker who controls the contents of a cloned repository to gain access to sensitive data on the user's system. Two flaws contribute to the vulnerability:

    The first flaw allows, when working with a specially crafted repository, the local clone optimization to be used even when a transport that interacts with external systems is in use.

    The second flaw allows a symbolic link to be placed instead of the $GIT_DIR/objects directory. It is similar to vulnerability CVE-2022-39253, whose fix blocked the placement of symbolic links inside the $GIT_DIR/objects directory but did not check that the $GIT_DIR/objects directory itself could be a symbolic link.

    In local clone mode, git transfers $GIT_DIR/objects to the target directory by dereferencing symlinks, which causes the files they point to directly to be copied into the target directory. Switching to the local clone optimization for a non-local transport makes it possible to exploit the vulnerability when working with external repositories (for example, recursive inclusion of submodules with the "git clone --recurse-submodules" command can lead to cloning of a malicious repository packaged as a submodule in another repository).

  • Vulnerability CVE-2023-23946 allows the contents of files outside the working directory to be overwritten by passing specially crafted input to the "git apply" command. For example, the attack can be carried out when patches prepared by an attacker are processed with "git apply". To prevent patches from creating files outside the working copy, "git apply" blocks patches that attempt to write a file through symlinks. It turned out, however, that this protection can be bypassed by creating the symbolic link first.
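
An added example, not part of the original article or of Git's own code: a Python check for the two symlink cases described above for CVE-2023-22490 (a link placed inside $GIT_DIR/objects, and $GIT_DIR/objects itself being a link), which can be run against a repository directory before it is used as a local clone source. The function names and the sample layouts built in a temporary directory are constructed for illustration.

```python
import os
import tempfile

def audit_objects_dir(git_dir):
    """Return (kind, path, target) findings for symlinks at or under git_dir/objects."""
    objects = os.path.join(git_dir, "objects")
    # The case the CVE-2022-39253 fix did not check: objects itself is a link.
    if os.path.islink(objects):
        return [("objects-is-symlink", objects, os.readlink(objects))]
    if not os.path.isdir(objects):
        return [("objects-missing", objects, "")]
    findings = []
    # The case that fix did block: links placed inside the objects directory.
    for root, dirs, files in os.walk(objects, followlinks=False):
        for name in sorted(dirs + files):
            path = os.path.join(root, name)
            if os.path.islink(path):
                findings.append(("symlink-inside-objects", path, os.readlink(path)))
    return findings

def build_demo(base):
    """Create three constructed directory layouts (not real repositories)."""
    outside = os.path.join(base, "outside")
    os.makedirs(outside)
    with open(os.path.join(outside, "secret.txt"), "w") as fh:
        fh.write("constructed sample data\n")
    clean = os.path.join(base, "clean.git")
    os.makedirs(os.path.join(clean, "objects", "ab"))
    with open(os.path.join(clean, "objects", "ab", "cdef"), "w") as fh:
        fh.write("x")
    inner = os.path.join(base, "inner.git")
    os.makedirs(os.path.join(inner, "objects", "ab"))
    os.symlink(os.path.join(outside, "secret.txt"),
               os.path.join(inner, "objects", "ab", "cdef"))
    whole = os.path.join(base, "whole.git")
    os.makedirs(whole)
    os.symlink(outside, os.path.join(whole, "objects"))
    return {"clean": clean, "inner": inner, "whole": whole}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for label, git_dir in build_demo(base).items():
            print(label, [kind for kind, _, _ in audit_objects_dir(git_dir)])
```

The audit never follows a link it finds, so it can be pointed at an untrusted directory; any finding is a reason not to clone from that path with an unpatched Git.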

Source: opennet.ru
