Vulnerabilities in Git when cloning submodules and using git shell

Corrective releases of the Git source control system, 2.38.1, 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3 and 2.37.4, have been published. They fix two vulnerabilities that appear when running the "git clone" command in "--recurse-submodules" mode against untrusted repositories and when using the interactive mode of "git shell". The release of package updates in distributions can be tracked on the pages of Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch, FreeBSD.

  • CVE-2022-39253 - The vulnerability allows an attacker who controls the contents of a cloned repository to gain access to confidential data on the user's system by placing symbolic links to files of interest in the $GIT_DIR/objects directory of the cloned repository. The problem appears only when cloning locally (in "--local" mode, which is used when the target and the source data of the clone are on the same partition) or when cloning a malicious repository that is packaged as a submodule in another repository (for example, when submodules are included recursively with the "git clone --recurse-submodules" command).

    The vulnerability is caused by the fact that in "--local" cloning mode git transfers the contents of $GIT_DIR/objects to the target directory (by creating hard links or copying files) and dereferences symbolic links while doing so (i.e., what ends up in the target directory is not the symbolic links but the files the links point to). To block the vulnerability, the new git releases refuse to clone, in "--local" mode, repositories that contain symbolic links in the $GIT_DIR/objects directory. In addition, the default value of the protocol.file.allow parameter has been changed to "user", which places clone operations that use the file:// protocol in the unsafe category.

  • CVE-2022-39260 - An integer overflow in the split_cmdline() function used by the "git shell" command. The problem can be used to attack users who have "git shell" as their login shell and have interactive mode enabled (the $HOME/git-shell-commands file has been created). Exploiting the vulnerability can lead to code execution on the system by sending a specially crafted command larger than 2 GB in size.
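
For CVE-2022-39253, the condition the fixed releases refuse (symbolic links under $GIT_DIR/objects) can be checked on a repository before it is cloned locally. The script below is an added example, not code from the original article or from the Git project; the function names resolve_git_dir and find_object_symlinks are hypothetical.

```shell
#!/bin/sh
# Added example: audit a repository for symbolic links under its objects
# directory. Function names are hypothetical, not part of git.

# Print the git directory for a path: a work tree with a .git directory,
# a work tree whose .git is a "gitdir: <path>" pointer file (the layout
# used for checked-out submodules), or a bare repository.
resolve_git_dir() {
    repo=$1
    if [ -d "$repo/.git" ]; then
        printf '%s\n' "$repo/.git"
    elif [ -f "$repo/.git" ]; then
        target=$(sed -n 's/^gitdir: //p' "$repo/.git")
        case $target in
            /*) printf '%s\n' "$target" ;;
            *)  printf '%s\n' "$repo/$target" ;;
        esac
    elif [ -d "$repo/objects" ]; then
        printf '%s\n' "$repo"
    else
        return 2
    fi
}

# List every symlink at or below <git dir>/objects.
# Exit status: 0 = none found, 1 = at least one found, 2 = not a repository.
find_object_symlinks() {
    git_dir=$(resolve_git_dir "$1") || return 2
    if [ ! -e "$git_dir/objects" ] && [ ! -L "$git_dir/objects" ]; then
        return 2
    fi
    # find does not follow links by default, so a symlinked objects
    # directory is reported itself instead of being traversed.
    found=$(find "$git_dir/objects" -type l -print)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Stand-alone use: sh check.sh /path/to/repo
if [ "$#" -gt 0 ]; then
    find_object_symlinks "$1"
fi
```

A non-empty listing means the repository would be rejected by a patched git in "--local" mode and deserves inspection before any older client touches it.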

Source: opennet.ru
