Vulnerabilities in Git leading to data leakage and file overwriting

Corrective releases of the distributed source control system Git 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7 and 2.30.8 have been published, fixing two vulnerabilities that affect the local clone optimization and the "git apply" command. The release of package updates in distributions can be tracked on the pages for Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch and FreeBSD. If installing the update is not possible, the recommended workaround is to avoid running "git clone" with the "--recurse-submodules" option against untrusted repositories, and to avoid using the "git apply" and "git am" commands on untrusted code.

  • Vulnerability CVE-2023-22490 allows an attacker who controls the contents of a cloned repository to gain access to sensitive data on the user's system. Two bugs contribute to the vulnerability:

    The first bug allows, when working with a specially crafted repository, the local clone optimization to be used even when a transport that talks to external systems is in use.

    The second bug allows a symbolic link to be placed in place of the $GIT_DIR/objects directory, similar to vulnerability CVE-2022-39253, whose fix blocked placing symbolic links inside the $GIT_DIR/objects directory but did not check whether the $GIT_DIR/objects directory itself could be a symbolic link.

    In local clone mode, git transfers $GIT_DIR/objects to the target directory while dereferencing symbolic links, so the files that the links point to are copied directly into the target directory. Switching to the local clone optimization for non-local transports makes the vulnerability exploitable when working with external repositories (for example, recursive inclusion of submodules with the "git clone --recurse-submodules" command can lead to cloning a malicious repository packaged as a submodule of another repository).
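    The check that the CVE-2022-39253 fix left out, applied from the defender's side, is simply "is the objects directory itself a symlink?". The script below is an added example and is not part of the article or of Git's own code: it audits an already-cloned working tree, looking at the top-level .git/objects and at the objects directory of every submodule stored under .git/modules, and reports any that is a symbolic link. The repository layout it builds for the demonstration is constructed (no real clone is made) and the submodule name "vendor" is an arbitrary placeholder.

```python
import os
import tempfile
from pathlib import Path


def symlinked_object_dirs(repo_root):
    """Return each Git object directory under repo_root that is a symlink.

    Looks at the top-level .git/objects (or objects/ in a bare repository)
    and at the objects directory of every submodule git stores under
    .git/modules. Paths are returned relative to repo_root.
    """
    root = Path(repo_root)
    candidates = [root / ".git" / "objects", root / "objects"]
    modules = root / ".git" / "modules"
    if modules.is_dir():
        # os.walk does not descend into symlinked directories, but it does
        # list them in dirnames (or filenames, if the link is dangling or
        # points at a file), so a symlinked objects/ is still seen here.
        for dirpath, dirnames, filenames in os.walk(modules):
            if "objects" in dirnames or "objects" in filenames:
                candidates.append(Path(dirpath) / "objects")
    return sorted(str(c.relative_to(root)) for c in candidates if c.is_symlink())


def build_sample_repo(base):
    """Construct a minimal fake repository layout (not a real clone).

    The top-level objects directory is a genuine directory; the submodule
    'vendor' (placeholder name) has its objects directory replaced by a
    symlink, which is the shape the CVE-2022-39253 fix did not check and
    CVE-2023-22490 abuses.
    """
    base = Path(base)
    (base / ".git" / "objects").mkdir(parents=True)
    (base / "elsewhere").mkdir()
    sub = base / ".git" / "modules" / "vendor"
    sub.mkdir(parents=True)
    os.symlink(str(base / "elsewhere"), str(sub / "objects"))
    return base


def run_demo():
    """Build the fake layout in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = build_sample_repo(Path(tmp) / "repo")
        return symlinked_object_dirs(repo)


if __name__ == "__main__":
    print(run_demo())  # expected: ['.git/modules/vendor/objects']
```

    Running the audit on a checkout before recursing into its submodules (or as a CI step after "git clone --recurse-submodules") turns a silent copy of dereferenced files into a visible finding; the patched Git versions make the same refusal inside "git clone" itself.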

  • Vulnerability CVE-2023-23946 allows the contents of files outside the working directory to be overwritten by passing specially crafted input to the "git apply" command. For example, the attack can be carried out while "git apply" processes patches prepared by the attacker. To prevent patches from creating files outside the working copy, "git apply" blocks processing of patches that attempt to write a file through symbolic links. But it turned out that this protection can be bypassed by creating the symbolic link first.
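    The bypass described above is an ordering problem: the symlink check looked only at paths that were already symlinks, not at symlinks the same patch had just created. The script below is an added example, not part of the article or of Git's own fix (which is more thorough, following renames and deletions as well). It parses the "diff --git" and mode headers of a patch in Git's own format and flags any file section whose path passes through a symlink that either already exists in the working tree or was created by an earlier section of the same patch. The sample patch is constructed, with fake index hashes and placeholder file names.

```python
import re

# Git's mode for a symbolic link entry in a diff header.
SYMLINK_MODE = "120000"

DIFF_HEADER = re.compile(r"^diff --git a/(?P<a>.+?) b/(?P<b>.+)$")
MODE_LINE = re.compile(r"^(?:new file mode|new mode) (?P<mode>[0-7]{6})$")


def parse_file_modes(patch_text):
    """Return (path, new_mode) for every file section, in patch order.

    new_mode is None when the section states no mode, i.e. a content-only
    change to an existing regular file. Only the 'b/' (post-image) path is
    kept, because that is the path git apply will write.
    """
    entries = []
    for line in patch_text.splitlines():
        header = DIFF_HEADER.match(line)
        if header:
            entries.append([header.group("b"), None])
            continue
        mode = MODE_LINE.match(line)
        if mode and entries:
            entries[-1][1] = mode.group("mode")
    return [tuple(e) for e in entries]


def writes_through_symlink(patch_text, existing_symlinks=()):
    """Flag file sections whose path passes through a symlink.

    The symlink may already exist in the working tree (pass those paths in
    existing_symlinks) or be created by an earlier section of the same patch,
    which is the ordering the CVE-2023-23946 bypass relied on. Returns a list
    of (written_path, symlink_ancestor) pairs; an empty list means nothing
    was flagged.
    """
    symlinks = set(existing_symlinks)
    findings = []
    for path, mode in parse_file_modes(patch_text):
        parts = path.split("/")
        for depth in range(1, len(parts)):
            ancestor = "/".join(parts[:depth])
            if ancestor in symlinks:
                findings.append((path, ancestor))
                break
        # Record the symlink only after checking this section, so the
        # ordering "create link, then write beneath it" is what gets caught.
        if mode == SYMLINK_MODE:
            symlinks.add(path)
    return findings


# Constructed sample patch (fake index hashes, placeholder names): it first
# adds the symlink 'shortcut' and then adds a regular file beneath it.
SAMPLE_PATCH = """\
diff --git a/README b/README
new file mode 100644
index 0000000..1111111
--- /dev/null
+++ b/README
@@ -0,0 +1 @@
+sample
diff --git a/shortcut b/shortcut
new file mode 120000
index 0000000..2222222
--- /dev/null
+++ b/shortcut
@@ -0,0 +1 @@
+../elsewhere
diff --git a/shortcut/note.txt b/shortcut/note.txt
new file mode 100644
index 0000000..3333333
--- /dev/null
+++ b/shortcut/note.txt
@@ -0,0 +1 @@
+hello
"""


if __name__ == "__main__":
    for written, via in writes_through_symlink(SAMPLE_PATCH):
        print(f"refusing {written}: path goes through symlink {via}")
```

    As a pre-apply triage step on patches from untrusted submitters, a non-empty result is reason to reject the patch before "git apply" or "git am" ever runs; the check is deliberately conservative and does not try to resolve where the symlink points.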

Source: opennet.ru
