Ukukhutshwa kokulungiswa kwenkqubo yokulawula umthombo osasaziweyo we-Git 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7 kunye ne-2.30.8 zipapashwe, ezilungisayo Ubuthathaka obubini, obuchaphazela ulungelelwaniso lwe-cloning yasekhaya kunye nomyalelo "we-git apply". Unako ukulandelela ukukhutshwa kohlaziyo lwephakheji kunikezelo kumaphepha eDebian, Ubuntu, RHEL, SUSE / openSUSE, Fedora, Arch, FreeBSD. Ukuba akunakwenzeka ukufaka uhlaziyo, kuyacetyiswa njengendlela yokusebenza ukuphepha ukwenza umsebenzi we "git clone" ngokhetho lwe "--recurse-submodules" kwiindawo zokugcina ezingathenjwayo, kunye nokunqanda ukusebenzisa "git apply" kunye " git am" imiyalelo kwiindawo zokugcina ezingathenjwa.
- Ubuthathaka be-CVE-2023-22490 buvumela umhlaseli olawula imixholo yendawo yokugcina edibeneyo ukuze afumane ukufikelela kwiinkcukacha ezibuthathaka kwinkqubo yomsebenzisi. Iziphene ezimbini zinegalelo ekuveleni kobuthathaka:
Isiphoso sokuqala sivumela, xa usebenza kunye nendawo yokugcina eyenzelwe ngokukodwa, ukufezekisa ukusetyenziswa kwe-cloning optimizations yendawo nangona usebenzisa isithuthi esisebenzisana neenkqubo zangaphandle.
Isiphoso sesibini sivumela ukubekwa kwekhonkco elingumfuziselo endaweni ye- $GIT_DIR/i-directory yezinto, efana nokuba sesichengeni CVE-2022-39253, ukulungiswa okuvalele ukubekwa kwamakhonkco omfuziselo kwi- $GIT_DIR/i-directory yezinto, kodwa ayizange. khangela into yokuba i-$GIT_DIR/uvimba weefayili wezinto ngokwawo unokuba likhonkco elingumfuziselo.
Kwimowudi ye-cloning yendawo, i-git idlulisela i-$GIT_DIR/izinto kulawulo ekujoliswe kulo ngokususa ireferensi kwii-symlink, ezibangela ukuba iifayile ezibhekiselele ngqo zikhutshelwe kulawulo ekujoliswe kulo. Ukutshintshela ekusebenziseni ulungelelwaniso lwe-cloning yendawo yothutho olungelulo lwendawo luvumela ukuxhatshazwa kobuthathaka xa usebenza nogcino lwangaphandle (umzekelo, ngokuphindaphindiweyo ukuquka iimodyuli ezinomyalelo "git clone -recurse-submodules" kunokukhokelela kubumbano lwendawo yokugcina eyingozi epakishwe njengemodyuli engaphantsi. kwenye indawo yokugcina).
- Ukuba sesichengeni kwe-CVE-2023-23946 ivumela imixholo yeefayile ngaphandle koluhlu olusebenzayo ukuba lubhalwe ngaphezulu ngokugqithisa igalelo elenziwe ngokukodwa kumyalelo othi "git apply". Ngokomzekelo, uhlaselo lunokwenziwa ngexesha lokucutshungulwa kweepatches ezilungiselelwe ngumhlaseli kwi "git apply". Ukuvala iipetshi ekwenzeni iifayile ngaphandle kwekopi esebenzayo, "git apply" iibhloko zokusetyenzwa kweepetshi ezizama ukubhala ifayile kusetyenziswa ii-symlinks. Kodwa kuvela ukuba olu khuselo lunokugqithwa ngokudala ikhonkco lokomfuziselo kwindawo yokuqala.
umthombo: opennet.ru
