Vulnerabilities in Git that allow overwriting files or executing your own code

Corrective releases of the distributed source control system Git have been published: 2.40.1, 2.39.3, 2.38.5, 2.37.7, 2.36.6, 2.35.8, 2.34.8, 2.33.8, 2.32.7, 2.31.8 and 2.30.9. They fix five vulnerabilities. You can track the release of package updates in distributions on the Debian, Ubuntu, RHEL, SUSE / openSUSE, Fedora, Arch and FreeBSD pages. As a workaround to protect against the vulnerabilities, it is recommended to avoid running the "git apply --reject" command when working with untested external patches, and to check the contents of $GIT_DIR/config before running "git submodule deinit", "git config --rename-section" and "git config --remove-section" when working with untrusted repositories.

The CVE-2023-29007 vulnerability allows settings to be substituted into the $GIT_DIR/config configuration file, which can be used to execute code on the system by specifying paths to executable files in the core.pager, core.editor and core.sshCommand directives. The vulnerability is caused by a logic error due to which very long configuration values can be treated as the start of a new section when a section is renamed or removed from the configuration file. In practice, the substitution of exploit values can be achieved by specifying very long submodule URLs, which are saved to the $GIT_DIR/config file during initialization. These URLs can be interpreted as new settings when an attempt is made to remove them with "git submodule deinit".
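The pre-check recommended above (inspecting $GIT_DIR/config before running the section rename or removal commands in an untrusted repository) can be scripted. The following is an added example, not code from the article or from the Git project: it flags unusually long lines and any core.pager, core.editor or core.sshCommand setting. The function name, the length threshold and the sample config are assumptions made for the illustration.

```python
import re

# Assumed review threshold (not a value from the article); tune as needed.
REVIEW_THRESHOLD = 1000
# Settings the article names as usable to run executables.
SENSITIVE = {"core.pager", "core.editor", "core.sshcommand"}

SECTION_RE = re.compile(rb'^\s*\[\s*([A-Za-z0-9.-]+)(?:\s+"(?:[^"\\]|\\.)*")?\s*\]')
KEY_RE = re.compile(rb'^\s*([A-Za-z][A-Za-z0-9-]*)\s*(?:=|$)')


def audit_git_config(data: bytes, threshold: int = REVIEW_THRESHOLD):
    """Return (line_no, kind, detail) findings for raw config file bytes."""
    findings, section, continued = [], "", False
    for no, line in enumerate(data.split(b"\n"), start=1):
        if len(line) >= threshold:
            findings.append((no, "overlong-line", f"{len(line)} bytes"))
        stripped = line.strip()
        is_comment = stripped[:1] in (b"#", b";")
        skip = continued or not stripped or is_comment
        # A trailing backslash continues a value onto the next line.
        continued = stripped.endswith(b"\\") and not is_comment
        if skip:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).decode("ascii").lower()
            line = line[m.end():]  # a key may follow the header on the same line
        k = KEY_RE.match(line)
        if k and section:
            name = f"{section}.{k.group(1).decode('ascii').lower()}"
            if name in SENSITIVE:
                findings.append((no, "command-setting", name))
    return findings


# Constructed sample: a command setting and a submodule URL padded past the threshold.
SAMPLE = (
    b"[core]\n"
    b"\trepositoryformatversion = 0\n"
    b"\tsshCommand = /path/placeholder\n"
    b'[submodule "lib"]\n'
    b"\turl = https://example.invalid/" + b"a" * 1100 + b"\n"
)

if __name__ == "__main__":
    for finding in audit_git_config(SAMPLE):
        print(finding)
```

Any finding is a reason to read the file by hand before touching its sections; an empty result does not replace updating to a fixed release.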

The CVE-2023-25652 vulnerability allows the contents of files outside the working tree to be overwritten when specially crafted patches are processed by the "git apply --reject" command. If you try to apply a malicious patch with "git apply" that attempts to write to a file through a symbolic link, the operation will be rejected. In Git 2.39.1, the protection against symlink manipulation was extended to block patches that create symlinks and attempt to write through them. The essence of the vulnerability in question is that Git did not take into account that the user can run "git apply --reject" to write the rejected parts of the patch as files with a ".rej" extension, and that an attacker can use this opportunity to write contents to an arbitrary directory, as far as the current permissions allow.

In addition, three vulnerabilities that appear only on the Windows platform have been fixed: CVE-2023-29012 (the doskey.exe executable is searched for in the repository's working directory when the "Git CMD" command is run, which makes it possible to arrange the execution of one's own code on the user's system), CVE-2023-25815 (a buffer overflow while processing localization files in gettext) and CVE-2023-29011 (the possibility of substituting the connect.exe file when working through SOCKS5).

Source: opennet.ru
