GitHub Fixes 9 Git Vulnerabilities: Risk Advisory

Published: 2019-12-16

Vulnerability IDs and severity


CVE ID: CVE-2019-1348, Severity: High, CVSS score: not officially rated

CVE ID: CVE-2019-1349, Severity: High, CVSS score: not officially rated

CVE ID: CVE-2019-1350, Severity: High, CVSS score: not officially rated

CVE ID: CVE-2019-1351, Severity: High, CVSS score: not officially rated

CVE ID: CVE-2019-1352, Severity: High, CVSS score: not officially rated

CVE ID: CVE-2019-1353, Severity: High, CVSS score: not officially rated

CVE ID: CVE-2019-1354, Severity: High, CVSS score: not officially rated

CVE ID: CVE-2019-1387, Severity: High, CVSS score: not officially rated

CVE ID: CVE-2019-19604, Severity: Critical, CVSS score: 9.8


Affected versions


Git 2.24 and earlier


Vulnerability overview


Git is a free, open-source distributed version control system. The Git project has fixed the following nine vulnerabilities. Of these, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353 and CVE-2019-1354 are Windows-specific and may lead to remote code execution when cloning an untrusted repository. CVE-2019-1352 can also affect non-Windows users, but only if an NTFS volume is mounted.


CVE-2019-1348

The --export-marks option of git fast-import is also exposed through the in-stream command feature export-marks=..., which allows arbitrary paths to be overwritten.


CVE-2019-1349

When submodules are cloned recursively, Git can under certain circumstances be fooled into using the same Git directory twice.


CVE-2019-1350

Incorrect quoting of command-line arguments allows remote code execution during a recursive clone in conjunction with SSH URLs.


CVE-2019-1351

On Windows, the only drive letters allowed for physical drives are letters of the US-English alphabet. This restriction does not apply to virtual drives assigned via subst <letter>: <path>. Git mistook such paths for relative paths, which allowed writes outside the worktree while cloning.


CVE-2019-1352

Git was unaware of NTFS Alternate Data Streams, which allowed files in the .git/ directory to be overwritten during a clone.


CVE-2019-1353

When Git runs in the Windows Subsystem for Linux (also known as "WSL") and accesses a working directory on a regular Windows drive, none of the NTFS protections were active.


CVE-2019-1354

Filenames on Linux/Unix can contain backslashes. On Windows, the backslash is a directory separator. Git did not refuse to write out tracked files with such filenames.
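
An added example (not from the original advisory or from the Git project): a simplified Python audit that flags tracked paths matching the conditions described for CVE-2019-1351, CVE-2019-1352 and CVE-2019-1354 before a tree is checked out on Windows. The function names, the path model and the sample listing are assumptions constructed for illustration.

```python
import re

# Simplified model of how Windows/NTFS interprets a tracked path at checkout.
# This is an assumption for illustration, not Git's own verification logic.
DRIVE_PREFIX = re.compile(r"^[^/\\:]:")  # any single character, then ':'

def audit_path(path: str) -> list[str]:
    """Return the reasons a tracked path is unsafe to check out on Windows."""
    findings = []
    rest = path
    if DRIVE_PREFIX.match(path):
        # subst can assign non-ASCII "letters", so do not test for A-Z only.
        findings.append("CVE-2019-1351: drive-qualified, not a relative path")
        rest = path[2:]
    if "\\" in rest:
        findings.append("CVE-2019-1354: backslash is a directory separator")
    if ":" in rest:
        findings.append("CVE-2019-1352: NTFS alternate data stream syntax")
    # Windows view: split on both separators, drop any ':stream' suffix,
    # and compare case-insensitively as NTFS does by default.
    parts = [c.partition(":")[0].lower() for c in re.split(r"[/\\]", rest) if c]
    if ".git" in parts:
        findings.append("resolves to a path inside .git/")
    if ".." in parts:
        findings.append("contains '..' and can leave the worktree")
    return findings

def audit_listing(listing: bytes) -> dict[str, list[str]]:
    """Audit NUL-separated output of `git ls-tree -r -z --name-only <rev>`."""
    report = {}
    for raw in listing.split(b"\0"):
        if raw:
            path = raw.decode("utf-8", errors="replace")
            findings = audit_path(path)
            if findings:
                report[path] = findings
    return report

# Constructed sample listing (not taken from any real repository).
SAMPLE = b"\0".join([
    b"src/main.c",
    b"docs\\..\\..\\outside.txt",
    "\u00e4:/tmp.txt".encode("utf-8"),
    b"notes.txt:extra",
    b".Git\\config",
]) + b"\0"

if __name__ == "__main__":
    for path, findings in audit_listing(SAMPLE).items():
        print(repr(path), "->", "; ".join(findings))
```

Run against the tree listing of a fetched but not yet checked-out revision, this gives a quick signal on hosts where Git cannot be upgraded immediately.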


CVE-2019-1387

Recursive clones are currently affected by a vulnerability caused by overly lax validation of submodule names, which allows targeted attacks via remote code execution in recursive clones.


CVE-2019-19604

A "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.


Vulnerability verification


No PoC/EXP is available at this time.


Remediation advice


The vendor has released an upgrade patch that fixes the vulnerabilities. Patch link: https://github.blog/2019-12-10-multiple-git-vulnerabilities-in-2-24-and-older/


Reference links


https://www.cbronline.com/news/git-project-patches