
How to install Magento 2 Security Patch PRODSECBUG-2198

On 26 March 2019, Magento released security patch PRODSECBUG-2198, which fixes an SQL injection vulnerability. Because of this flaw, an unauthenticated user could run arbitrary SQL against the store database, with the possible leakage of sensitive data. We strongly recommend that you install this patch as soon as possible.

  • PRODSECBUG-2198 details
  • CVSSv3 severity: 9 (Critical)
  • Known attacks: none
  • Description: an unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage.
  • Affected products: Magento Open Source prior to 1.9.4.1, Magento Commerce prior to 1.14.4.1, Magento 2.1 prior to 2.1.17, Magento 2.2 prior to 2.2.8, Magento 2.3 prior to 2.3.1
  • Fixed in: Magento Open Source 1.9.4.1, Magento Commerce 1.14.4.1, SUPEE-11086, Magento 2.1.17, Magento 2.2.8, Magento 2.3.1
  • Reporter: cfreal
 
To install the PRODSECBUG-2198 patch, follow the six steps below:

  • Back up your Magento-based ecommerce site: backing up the Magento store (files and database) before applying any security patch is a wise precaution, because the patch files may conflict with customisations in your store.
  • Download the patch from the Magento site: download the PRODSECBUG-2198 patch, choosing the version that matches your Magento edition and release, and upload it to your Magento root folder.
  • Apply the patch: log in to the server over SSH and change into the Magento root folder. For a self-applying patch script (the Magento 1 SUPEE-style .sh files), run:
    • bash patch_name
    Note that the Magento 2 .patch files are unified diffs, not scripts; see the note on the error below for how to apply them with git apply or patch.
  • Clean your Magento cache: we recommend cleaning the Magento cache after applying the patch. You can clean and flush it from Cache Management in the Magento admin, or run the following commands over SSH:
    • php bin/magento cache:flush
    • php bin/magento cache:clean
  • Verify that the patch was installed: run the following command to check whether the patch is recorded as applied:
    • grep '|' app/etc/applied.patches.list
    This file is maintained by the self-applying .sh patch scripts; a diff applied with patch or git apply does not add an entry, so in that case confirm that the changed files now contain the fix (for example, patch -R --dry-run -p1 < patch_name succeeds only when the patch is already applied).
  • Remove the patch file: after the patch has been installed successfully, you can delete the .patch file from the Magento root. Run the following command over SSH:
    • rm patch_name
 
Note:

With the procedure above, on Magento 2.2 CE you may get an error like the following when you run the patch file through sh:

sh PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
diff: unrecognized option '--git'
diff: Try 'diff --help' for more information.
PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch: line 2: index: command not found
PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch: line 3: ---: command not found

The error occurs because the Magento 2 .patch file is a git-format unified diff, not a shell script: sh tries to execute each line of the diff as a command (diff --git ..., index ..., --- a/...). To avoid it, apply the file with a patch tool instead:

  • If you use git:
    git apply PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
  • With patch:
    Either remove the a/ and b/ prefixes from the paths in the patch file, move it to the Magento root and run patch -p0 < PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch, or leave the file as it is and let patch strip the prefixes for you with patch -p1 < PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch.
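The six steps above and the git-diff-versus-script distinction from this note, combined into one POSIX shell wrapper. This is an added example written for this page, not Magento's own tooling: it classifies the patch file by its first line so that a unified diff is never run through sh, dry-runs patch before touching the tree, flushes the cache only when bin/magento exists, and records its own entry in app/etc/applied.patches.list (the "name | date" line format is an assumption chosen so that the grep in step 5 finds it). The file names and paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example for this page (not Magento's own tooling): the six steps
# above as shell functions, with the check that prevents the
# "diff: unrecognized option '--git'" error: a unified diff is applied with
# patch(1), never executed with sh.
set -eu

# Classify a Magento patch file by its first line:
#   script  - self-applying shell patch (starts with a shebang), run with bash
#   gitdiff - git-format unified diff ("diff --git"), paths carry a/ b/ prefixes
#   diff    - plain unified diff, paths are relative to the Magento root
patch_kind() {
  first=
  IFS= read -r first < "$1" || true
  case "$first" in
    '#!'*)         echo script ;;
    'diff --git'*) echo gitdiff ;;
    *)             echo diff ;;
  esac
}

# -p level for patch(1): strip the a/ and b/ prefixes of a git diff.
strip_level() {
  case "$(patch_kind "$1")" in
    gitdiff) echo 1 ;;
    *)       echo 0 ;;
  esac
}

# Step 1: archive the code tree before patching. The database is not
# included here; dump it separately (for example with mysqldump).
backup_files() {
  tar -cf "$2" -C "$1" .
}

# Step 3: apply the patch from inside the Magento root. For a diff, a
# dry run goes first so that a conflicting file leaves the tree untouched.
apply_magento_patch() {
  root=$1 patchfile=$2
  case "$patchfile" in /*) ;; *) patchfile=$PWD/$patchfile ;; esac
  kind=$(patch_kind "$patchfile")
  if [ "$kind" = script ]; then
    (cd "$root" && bash "$patchfile")
  else
    level=$(strip_level "$patchfile")
    (cd "$root" && patch --dry-run -p"$level" < "$patchfile" > /dev/null) || return 1
    (cd "$root" && patch -p"$level" < "$patchfile" > /dev/null)
    # A plain diff does not record itself; this wrapper appends its own line.
    # The "name | date" layout is an assumption matching the grep in step 5.
    mkdir -p "$root/app/etc"
    printf '%s | %s\n' "$(basename "$patchfile")" "$(date -u +%Y-%m-%d)" \
      >> "$root/app/etc/applied.patches.list"
  fi
  # Step 4: flush the cache when this really is a Magento 2 root.
  if [ -f "$root/bin/magento" ]; then
    (cd "$root" && php bin/magento cache:flush)
  fi
}

# Step 5: is the patch recorded in app/etc/applied.patches.list?
patch_applied() {
  grep -q "$2" "$1/app/etc/applied.patches.list" 2> /dev/null
}

# Step 6: delete the patch file only once it is recorded as applied.
remove_patch_file() {
  patch_applied "$1" "$(basename "$2")" && rm -f "$2"
}

# Usage (paths are placeholders):
#   sh apply_patch.sh /var/www/magento /var/www/magento/PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
if [ "$#" -eq 2 ]; then
  backup_files "$1" "$1.before-$(basename "$2").tar"
  apply_magento_patch "$1" "$2"
  remove_patch_file "$1" "$2"
  echo "applied $(basename "$2")"
fi
```

The dry run is what step 1's warning about conflicts is guarding against: if any hunk fails, patch exits non-zero and the wrapper stops before modifying a single file, so the backup is only ever needed for the cases the dry run cannot predict.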


Ercole Palmeri

Interim Innovation Manager

Tags: Magento 2