Corrective releases of the distributed source control system Git have been published: 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. These releases fix two vulnerabilities that affect local cloning optimizations and the "git apply" command. You can track the release of package updates in distributions on the following pages: Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch, FreeBSD. If installing the update is not possible, as a workaround we recommend avoiding the "git clone" operation with the "--recurse-submodules" option on untrusted repositories, and not using the "git apply" and "git am" commands on unverified code.
- Vulnerability CVE-2023-22490 allows an attacker who controls the contents of a cloned repository to gain access to confidential data on the user's system. Two flaws contribute to this vulnerability:
The first flaw makes it possible, when working with a specially crafted repository, to trigger the use of local cloning optimizations even when using a transport that interacts with external systems.
The second flaw allows a symbolic link to be placed in place of the $GIT_DIR/objects directory. This is similar to vulnerability CVE-2022-39253, whose fix blocked the placement of symbolic links inside the $GIT_DIR/objects directory but did not check that the $GIT_DIR/objects directory itself may be a symbolic link.
In local cloning mode, git transfers $GIT_DIR/objects to the target directory by dereferencing symbolic links, so the files the links point to are copied directly into the target directory. Switching to local cloning optimizations for a non-local transport allows the vulnerability to be exploited when working with external repositories (for example, recursive inclusion of submodules with the "git clone --recurse-submodules" command can lead to cloning a malicious repository packaged as a submodule in another repository).
- Vulnerability CVE-2023-23946 allows the contents of files outside the working directory to be overwritten by passing specially crafted input to the "git apply" command. For example, the attack can be carried out when "git apply" processes patches prepared by an attacker. To prevent patches from creating files outside the working copy, "git apply" blocks the processing of patches that try to write a file through symbolic links. However, this protection can be bypassed by creating the symbolic link first.
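As a defensive pre-check for the CVE-2023-22490 conditions described above, the following added example (not code from Git or from the original article) audits an on-disk repository before it is used as a source for a local clone. The function names and the sample directory layouts are assumptions constructed for illustration; pass the repository's `.git` directory, or the repository directory itself for a bare repository.

```python
import os
import tempfile
from pathlib import Path


def audit_objects_dir(git_dir):
    """Return findings for symbolic links at or under <git_dir>/objects."""
    objects = Path(git_dir) / "objects"
    findings = []
    # CVE-2023-22490 condition: the objects directory itself is a symlink.
    if objects.is_symlink():
        findings.append(f"objects directory is a symlink: {objects} -> {os.readlink(objects)}")
        return findings  # never descend through the link
    if not objects.is_dir():
        findings.append(f"no objects directory at {objects}")
        return findings
    # CVE-2022-39253 condition: symlinks placed inside the objects directory.
    for root, dirs, files in os.walk(objects, followlinks=False):
        for name in dirs + files:
            entry = Path(root) / name
            if entry.is_symlink():
                findings.append(f"symlink inside objects: {entry} -> {os.readlink(entry)}")
    return findings


def build_sample_repos(base):
    """Constructed sample layouts: clean, objects-as-symlink, symlink-inside-objects."""
    base = Path(base)
    (base / "elsewhere").mkdir()
    clean = base / "clean.git"
    (clean / "objects" / "pack").mkdir(parents=True)
    (clean / "objects" / "pack" / "pack-sample.idx").write_bytes(b"")
    linked = base / "linked.git"
    linked.mkdir()
    (linked / "objects").symlink_to(base / "elsewhere", target_is_directory=True)
    inner = base / "inner.git"
    (inner / "objects" / "ab").mkdir(parents=True)
    (inner / "objects" / "ab" / "cdef").symlink_to(base / "elsewhere" / "file")
    return clean, linked, inner


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for repo in build_sample_repos(tmp):
            result = audit_objects_dir(repo)
            print(repo.name, "OK" if not result else result)
```

A non-empty result means the repository should not be cloned locally until the links are reviewed; the check complements, and does not replace, upgrading to one of the fixed releases listed above.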
Source: opennet.ru
