Git vulnerabilities allow files to be overwritten or code to be executed

Corrective releases of the distributed source control system Git 2.40.1, 2.39.3, 2.38.5, 2.37.7, 2.36.6, 2.35.8, 2.34.8, 2.33.8, 2.32.7, 2.31.8 and 2.30.9 have been published, fixing five vulnerabilities. You can track the release of package updates in distributions on the pages of Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch and FreeBSD. As workarounds, it is recommended to avoid using the "git apply --reject" command when working with untested external patches, and to check the contents of $GIT_DIR/config before running "git submodule deinit", "git config --rename-section" and "git config --remove-section" when working with untrusted repositories.

The CVE-2023-29007 vulnerability allows settings in the $GIT_DIR/config configuration file to be altered, which can be used to execute code on the system by specifying paths to executables in the core.pager, core.editor and core.sshCommand directives. The vulnerability is caused by a logic error that can lead to very long configuration values being treated as the start of a new section when a section is renamed or removed from the configuration file. In practice, the substitution of values that exploit the vulnerability can be achieved by specifying very long submodule URLs, which are stored in the $GIT_DIR/config file during initialization. These URLs may be interpreted as new settings when an attempt is made to remove them with "git submodule deinit".
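As an added example (not code from the advisory or from the Git project), the following Python script audits a $GIT_DIR/config file before the commands listed above are run on an untrusted repository: it flags the three directives named here and any oversized value such as a very long submodule URL. The parser, the 1024-byte threshold and the sample configuration are assumptions made for illustration.

```python
import re
from typing import List, Tuple

# Keys the advisory names as code-execution vectors once they point at an
# attacker-chosen program.
DANGEROUS_KEYS = {"core.pager", "core.editor", "core.sshcommand"}
# "Very long" threshold is an assumption for this example, not a figure from the advisory.
LONG_VALUE_THRESHOLD = 1024

SECTION_RE = re.compile(r'^\[([^\s"\]]+)(?:\s+"((?:[^"\\]|\\.)*)")?\]$')
KEY_RE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*)$')


def parse_git_config(text: str) -> List[Tuple[str, str]]:
    """Parse a git-config style file into (section[.subsection].key, value) pairs.

    Handles [section] and [section "subsection"] headers and full-line comments
    ('#' or ';'); trailing comments and line continuations are not handled.
    """
    entries: List[Tuple[str, str]] = []
    prefix = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, subsection = m.group(1).lower(), m.group(2)
            prefix = section if subsection is None else f"{section}.{subsection}"
            continue
        m = KEY_RE.match(line)
        if m and prefix:
            entries.append((f"{prefix}.{m.group(1).lower()}", m.group(2).strip()))
    return entries


def audit_git_config(text: str) -> List[str]:
    """Return entries worth a human look before deinit/rename/remove-section."""
    findings = []
    for key, value in parse_git_config(text):
        if key in DANGEROUS_KEYS:
            findings.append(f"{key} runs an external program: {value!r}")
        if len(value) > LONG_VALUE_THRESHOLD:
            findings.append(f"{key} has a {len(value)}-byte value; review before "
                            "git submodule deinit / git config --remove-section")
    return findings


# Constructed sample: a pager override plus an oversized submodule URL.
SAMPLE_CONFIG = (
    "[core]\n\trepositoryformatversion = 0\n\tpager = /tmp/not-a-real-pager\n"
    '[submodule "lib"]\n\tpath = lib\n\turl = https://example.invalid/' + "A" * 2000 + "\n"
)

if __name__ == "__main__":
    for finding in audit_git_config(SAMPLE_CONFIG):
        print(finding)
```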

The CVE-2023-25652 vulnerability allows the contents of files outside the working tree to be overwritten when specially crafted patches are processed with the "git apply --reject" command. If an attempt is made to apply a malicious patch with "git apply" that tries to write to a file through a symbolic link, the operation is refused. In Git 2.39.1, the protection against symlink tricks was extended to block patches that create symlinks and then try to write through them. The essence of the vulnerability in question is that Git did not take into account that a user can run "git apply --reject" to write the rejected parts of a patch as files with the ".rej" extension, and an attacker can use this feature to write content into an arbitrary directory, as far as the current access permissions allow.

In addition, three vulnerabilities specific to the Windows platform have been fixed: CVE-2023-29012 (the doskey.exe executable is searched for in the repository's working directory when the "Git CMD" command is run, which allows code execution on the user's system to be arranged), CVE-2023-25815 (a buffer overflow when processing specially crafted localization files in gettext) and CVE-2023-29011 (the possibility of substituting the connect.exe file when working via SOCKS5).

Source: opennet.ru
