Ukukhishwa okulungile kwesistimu yokulawula umthombo esabalalisiwe i-Git 2.35.2, 2.30.3, 2.31.2, 2.32.1, 2.33.2 kanye ne-2.34.2 kushicilelwe, elungisa ubungozi obubili:
- I-CVE-2022-24765 - Ezinhlelweni zabasebenzisi abaningi ezinezinkomba ezabiwe, kukhonjwe ukuhlasela okungaholela ekusetshenzisweni kwemiyalo echazwe ngomunye umsebenzisi. Umhlaseli angakha uhla lwemibhalo oluthi “.git” ezindaweni ezidlulana nabanye abasebenzisi (isibonelo, kunkomba eyabelwe noma izinkomba ezinamafayela esikhashana) futhi abeke ifayela lokumisa elithi “.git/config” kulo nokucushwa kwezibambi ezibizwa ngokuthi nini imisebenzi ethile iyenziwa. imiyalo ye-git (isibonelo, ungasebenzisa ipharamitha ye-core.fsmonitor ukuze uhlele ukukhishwa kwekhodi).
Izibambi ezichazwe kokuthi “.git/config” zizobizwa ngamalungelo omunye umsebenzisi uma lowo msebenzisi esebenzisa i-git kuhlu lwemibhalo olusezingeni eliphezulu kunohla lwemibhalo olungaphansi lwe-“.git” oludalwe umhlaseli. Ucingo lungenziwa futhi ngokungaqondile, isibonelo, uma usebenzisa abahleli bekhodi abasekela i-git, njenge-VS Code ne-Atom, noma uma usebenzisa izengezo ezisebenzisa “isimo se-git” (ngokwesibonelo, i-Git Bash noma i-posh-git). Ku-Git 2.35.2, ubungozi buvinjwe ngezinguquko kumqondo wokucinga okuthi ".git" kuzinkhombandlela ezingaphansi (uhla lwemibhalo lwe-".git" manje alukanakwa uma luphethwe omunye umsebenzisi).
- I-CVE-2022-24767 iwukuba sengcupheni okuqondene nengxenyekazi ye-Windows evumela ukusetshenziswa kwekhodi ngamalungelo e-SYSTEM lapho kuqaliswa ukusebenza Kokukhipha kohlelo lwe-Git yohlelo lwe-Windows. Inkinga ibangelwa ukuthi isikhiphi sisebenza kumkhombandlela wesikhashana obhalwa abasebenzisi bohlelo. Ukuhlasela kwenziwa ngokubeka ama-DLL angena esikhundleni kumkhombandlela wesikhashana, azolayishwa lapho isikhiphi sethulwa ngamalungelo e-SYSTEM.
Source: opennet.ru