Vulnerabilities in Git when cloning submodules and using git shell

Corrective releases of the distributed source control system Git 2.38.1, 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3 and 2.37.4 have been published. They fix two vulnerabilities that arise when the "git clone" command is used in "--recurse-submodules" mode with unverified repositories and when the "git shell" interactive mode is used. You can track the release of package updates in distributions on the pages of Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch, FreeBSD.

  • CVE-2022-39253 - The vulnerability allows an attacker who controls the contents of a cloned repository to gain access to confidential data on the user's system by placing symbolic links to files of interest in the $GIT_DIR/objects directory of the cloned repository. The problem appears only when cloning locally (in "--local" mode, which is used when the target and source data of the clone are on the same partition) or when cloning a malicious repository packaged as a submodule in another repository (for example, when submodules are included recursively with the command "git clone --recurse-submodules").

    The vulnerability is caused by the fact that in "--local" cloning mode git transfers the contents of $GIT_DIR/objects to the target directory (creating hard links or copies of the files) and dereferences symbolic links while doing so (that is, the target directory receives not the symbolic links themselves but the files the links point to). To block the vulnerability, the new git releases refuse to clone, in "--local" mode, repositories that contain symbolic links in the $GIT_DIR/objects directory. In addition, the default value of the protocol.file.allow parameter has been changed to "user", which classifies clone operations using the file:// protocol as unsafe.

  • CVE-2022-39260 - Integer overflow in the split_cmdline() function used by the "git shell" command. The problem can be used to attack users who have "git shell" as their login shell and have interactive mode enabled ($HOME/git-shell-commands has been created). Exploitation of the vulnerability can lead to arbitrary code execution on the system when a specially crafted command larger than 2 GB is sent.
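
A pre-flight check for both issues, as an added example that is not from the article or the Git project: `is_patched` compares a version string against the fixed releases listed above, and `object_symlinks` lists symbolic links under a repository's objects directory before a local clone. The function names are hypothetical, and treating series newer than 2.38 as fixed is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight checks for CVE-2022-39253 / CVE-2022-39260.
# Function names are hypothetical, not part of Git.

# Fixed releases as listed in the article, one per maintenance series.
FIXED="2.30.6 2.31.5 2.32.4 2.33.5 2.34.5 2.35.5 2.36.3 2.37.4 2.38.1"

# is_patched VERSION: 0 = fixed, 1 = not fixed, 2 = unparseable.
# Assumption: series newer than 2.38 include the fixes; series older
# than 2.30 have no fixed release in the list and count as not fixed.
is_patched() {
  case $1 in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
  ver=${1%%[!0-9.]*}                  # drop suffixes such as "-rc1"
  major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}
  [ -n "$major" ] && [ -n "$minor" ] || return 2
  case $rest in
    *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
    *)   patch=0 ;;
  esac
  patch=${patch:-0}
  [ "$major" -gt 2 ] && return 0
  [ "$major" -lt 2 ] && return 1
  [ "$minor" -gt 38 ] && return 0
  for f in $FIXED; do
    fminor=${f#*.}; fminor=${fminor%%.*}
    if [ "$fminor" -eq "$minor" ]; then
      [ "$patch" -ge "${f##*.}" ]     # same series: compare patch level
      return
    fi
  done
  return 1
}

# object_symlinks REPO: print every symbolic link under the repository's
# objects directory (the objects directory itself included).
# Handles REPO/.git/objects and bare REPO/objects; a ".git" file that
# points elsewhere (worktree or submodule checkout) is not followed.
object_symlinks() {
  objdir=$1/.git/objects
  [ -e "$objdir" ] || [ -L "$objdir" ] || objdir=$1/objects
  find "$objdir" -type l 2>/dev/null
}
```

On a live system the installed version can be passed in with `is_patched "$(git version | awk '{print $3}')"`, and any output from `object_symlinks` on an untrusted repository is a reason not to clone it locally.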

Source: opennet.ru
