Iyo 26 Kurume 2019, Magento aburitsa PRODSECBUG-2198 patch yekuchengetedza yekugadzirisa kusakwana kweSQL. Nekuda kwekusagadzikana uku, mushandisi akasarudzika anogona kuendesa SQL kodhi, nekukanganisika kurasikirwa kwe data rakadzama. Isu tinokurudzira kuti uise aya matete azere nekukurumidza.
- PRODSECBUG-2198 Ruzivo
- CVSSv3 Severity: 9 (Inorasika)
- Kuzivikanwa kurwiswa: hapana
- Tsanangudzo: mushandisi akasarudzika anogona kuita zvekupokana kodhi kuburikidza ne SQL kusagadzikana, izvo zvinokonzeresa kurasikirwa kwe data rakadzama.
- Yakakanganiswa chigadzirwa: Magento Open Source pre-1.9.4.1 uye Magento Commerce isati yasvika 1.14.4.1, Magento 2.1 isati ya 2.1.17, Magento 2.2 isati yasvika 2.2.8, Magento 2.3 isati yasvika 2.3.1
- Yakagadziriswa mukati: Magento Open Open 1.9.4.1, Magento Commerce 1.14.4.1, SUPEE-11086, Magento 2.1.17, Magento 2.2.8, Magento 2.3.1
- Mutori wenhau: cfreal
Kuisa PRODSECBUG-2198 chigamba, ingo mhanya unoteedzera 6 makona:
- Backup yako Magento-yakavakirwa ecommerce: Iyo nhanho yekuchenjera yekutsigira Magento Chitoro usati waisa chero chengetedzo nekuti chitoro chako chingangopesana nePatch mafaera;
- Dhawunirodha chigamba kubva kunzvimbo yeMagento: Dhawunirodha PRODSECBUG-2198 chigamba kubva qui, uchisarudza iyo vhezheni yakakodzera yeyako yeMagento chitoro uye chiise iyo kuMagento midzi yako.
- Nyorera chigamba: Svika sevha kuburikidza necrob (ssh) uye pinda iyo midzi dhairekitori. Mhanya unotevera kuraira:
- Bvisa yako Magento Cache: Tinokurudzira kuchenesa iyo Magento cache mushure mekushandisa chigamba. Unogona kujekesa uye kujekesa iyo Magento admin cache kana kuita zvinotevera SSH mirairo:
-
- php bin / magento cache: kusheedzera
- php bin / magento cache: yakachena
- Simbisa kuisirwa chigambaMhanya unotevera kuraira kuti uzive kana chigamba chakaiswa mushe:
-
- grep '| Anwendung / nezvimwewo / applied.patches.lis
- Bvisa iyo Patch faira: Mushure mekubudirira chigamba kuisirwa, unogona kubvisa .patch faira kubva kuMagento mudzi. Mhanya unotevera kuraira kuti ubvise uchishandisa SSH:
Funga izvozvo:
Iine nzira iri pamusoro apa muMagento 2.2 CE shanduro iwe unogona kunge uine kukanganisa nenzira inotevera:
sh PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
mutsa: sarudzo haina kunozivikanwa "-git"
diff: edza “dis -help” kuti uwane rumwe ruzivo.
PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch: mutsara 2: index: command haina kuwanikwa
PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch: mutsara 3: -: command haina kuwanikwa
Kuti udzivise kukanganisa uku, tevera matanho ari pasi apa.
- Kana uchishandisa git:
git apply PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
- shandisa chigamba
Bvisa a / eb / pamberi penzira.
Fambisa iyo chigamba faira kuMagento midzi uye unomhanya iyo patch -p0 <PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
Ercole Palmeri
Yechinguva Innovation Manager