Git 2.35.2 released with security fixes

Corrective releases of the distributed version control system Git 2.35.2, 2.30.3, 2.31.2, 2.32.1, 2.33.2 and 2.34.2 have been published, fixing two vulnerabilities:

  • CVE-2022-24765 - An attack has been identified on multi-user systems with shared directories that can lead to the execution of commands defined by another user. An attacker can create a ".git" directory in a location shared with other users (for example, in shared directories or directories with temporary files) and place in it a ".git/config" configuration file with settings for handlers that are called when certain git commands are executed (for example, the core.fsmonitor parameter can be used to arrange code execution).

    The handlers defined in ".git/config" will be called with the rights of another user if that user runs git in a directory located below the one holding the ".git" subdirectory created by the attacker. The call can also be made indirectly, for example when using code editors with git support, such as VS Code and Atom, or when using add-ons that run "git status" (for example, Git Bash or posh-git). In Git 2.35.2 the vulnerability was closed by changing the logic of the search for ".git" in underlying directories (the ".git" directory is now ignored if it belongs to another user).

  • CVE-2022-24767 is a Windows-specific vulnerability that allows code to be executed with SYSTEM privileges when running the Git for Windows uninstaller. The problem is caused by the uninstaller running in a temporary directory that is writable by system users. The attack is carried out by placing substitute DLLs in the temporary directory, which are loaded when the uninstaller is run with SYSTEM rights.
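The ownership check described for CVE-2022-24765 can be approximated on a POSIX system with the audit script below. It is an added example, not code from Git or from the original article; the function names `foreign_git_dirs` and `core_fsmonitor` are hypothetical, and the config parsing is a simplified line scanner rather than Git's own parser.

```python
import os
from pathlib import Path

def core_fsmonitor(config_path):
    """Return the core.fsmonitor value from a git config file, or None.

    Simplified line scanner (assumption): handles plain "[core]" sections
    and "key = value" lines, not includes or quoted values.
    """
    try:
        lines = Path(config_path).read_text(errors="replace").splitlines()
    except OSError:
        return None
    section, value = None, None
    for raw in lines:
        line = raw.strip()
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
        elif section == "core" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip().lower() == "fsmonitor":
                value = val.strip()  # keep the last assignment seen
    return value

def foreign_git_dirs(start, uid):
    """Walk from `start` up to the root and report each ".git" entry
    whose owner is not `uid`."""
    findings = []
    start = Path(start).resolve()
    for directory in [start, *start.parents]:
        candidate = directory / ".git"
        try:
            st = os.lstat(candidate)
        except OSError:
            continue  # no .git at this level
        if st.st_uid != uid:
            findings.append({
                "path": str(candidate),
                "owner_uid": st.st_uid,
                "fsmonitor": core_fsmonitor(candidate / "config"),
            })
    return findings

if __name__ == "__main__":
    for hit in foreign_git_dirs(os.getcwd(), os.getuid()):
        print(f"{hit['path']}: owner uid {hit['owner_uid']}, "
              f"core.fsmonitor={hit['fsmonitor']!r}")
```

Run from a working directory on a shared host, it lists every ".git" in the parent chain that belongs to someone else, together with any core.fsmonitor value that config sets.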

Source: opennet.ru
