Update: Canonical has released a new kernel version to fix four medium-urgency vulnerabilities

A bug in the Ubuntu kernel

A new Ubuntu kernel update is out, and this is the good thing about using a Linux distribution backed by a major company such as Canonical. Updated kernel versions have been released for all supported Ubuntu versions, that is, Ubuntu 19.04 Disco Dingo, Ubuntu 18.04 Bionic Beaver and Ubuntu 16.04 Xenial Xerus. It is the perfect time to remember how important it was, and is, to upgrade from Ubuntu 18.10 to Ubuntu 19.04, since this is the first security update that Cosmic Cuttlefish has not received since reaching its end of life.

The issues found have been rated medium urgency, and those detected in Disco Dingo differ from those detected in Bionic Beaver and Xenial Xerus. In fact, in the update for Ubuntu 16.04 we read that "This update provides the corresponding updates for the Ubuntu 18.04 Linux Hardware Enablement (HWE) kernel for Ubuntu 16.04 LTS". Below we give more details about the bugs found and fixed.

The Disco Dingo kernel update fixes 4 security vulnerabilities

The new kernel version for Ubuntu 19.04 was released today and fixes:

  • CVE-2019-11487: It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (unexpected shutdown) or possibly execute arbitrary code.
  • CVE-2019-11599: Jann Horn discovered that a race condition existed in the Linux kernel when performing memory dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.
  • CVE-2019-11833: It was found that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory).
  • CVE-2019-11884: It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not verify that strings were terminated in some situations. A local attacker could use this to expose sensitive information (kernel memory).

Another 4 bugs fixed in Ubuntu 18.04 / 16.04

The updates for Ubuntu 18.04 and Ubuntu 16.04 were also released today and fix, in addition to the CVE-2019-11833 and CVE-2019-11884 bugs described above, the following:

  • CVE-2019-11085: Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (unexpected shutdown) or possibly execute arbitrary code.
  • CVE-2019-11815: It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel contained a race condition leading to a use-after-free. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (unexpected shutdown) or possibly execute arbitrary code.

For now, it is not known whether these bugs are also present in Linux version 5.2, which Ubuntu 19.10 Eoan Ermine includes, but Canonical has not updated its kernel, which may mean either that they are in no hurry because it is a development release or that it is not affected by the recently discovered bugs.

Update now

Canonical recommends that all users of Ubuntu 19.04, Ubuntu 18.04 and Ubuntu 16.04 update as soon as possible, since the "medium" urgency level means the bugs are not difficult to exploit. Personally, I would say this is a case I would not worry about too much, since the bugs have to be exploited with physical access to the devices, but considering that to update we only have to launch the update tool and apply the updates, I recommend doing it at any time. For the protection to take effect, the computer must be restarted after installing the new versions.
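As an added example (not part of the original article or of Canonical's advisory), these shell functions check the two conditions the article names: whether a newer installed kernel is still waiting for a reboot, and whether RDS is still kept from loading. The function names, the `/lib/modules` comparison and the `net-pf-21` (AF_RDS) alias form are assumptions about the system being checked.

```shell
#!/bin/sh
# Added example: post-update checks. Paths are parameters so the functions
# can be pointed at copies of the files instead of the live system.

# reboot_pending RUNNING INSTALLED...
# Prints "yes" when some installed kernel release sorts newer than the
# running one, i.e. the patched kernel is on disk but not yet booted.
reboot_pending() {
    running=$1; shift
    newest=$(printf '%s\n' "$running" "$@" | sort -V | tail -n 1)
    [ "$newest" != "$running" ] && echo yes || echo no
}

# rds_autoload_disabled DIR
# Succeeds when a modprobe config in DIR keeps RDS from being autoloaded.
# Assumption: this is expressed as "alias net-pf-21 off" (21 = AF_RDS),
# "blacklist rds" or "install rds /bin/false"; commented-out lines do not count.
rds_autoload_disabled() {
    sp='[[:space:]]'
    grep -Eqs "^$sp*(alias$sp+net-pf-21$sp+off|blacklist$sp+rds|install$sp+rds$sp+/bin/(false|true))$sp*\$" "$1"/*.conf
}

# rds_loaded [MODULES_FILE]
# Succeeds when an RDS module appears in the module list (default /proc/modules).
rds_loaded() {
    grep -Eq '^rds(_tcp|_rdma)? ' "${1:-/proc/modules}"
}

# Report for the live system; installed releases are taken from /lib/modules.
kernel_update_report() {
    echo "reboot pending: $(reboot_pending "$(uname -r)" $(ls /lib/modules))"
    if rds_autoload_disabled /etc/modprobe.d; then
        echo "rds autoload: disabled"
    else
        echo "rds autoload: NOT disabled"
    fi
    if rds_loaded; then echo "rds module: loaded"; else echo "rds module: not loaded"; fi
}

# Run the report only when asked, e.g.: sh check.sh --report
if [ "${1:-}" = "--report" ]; then
    kernel_update_report
fi
```

A "yes" for the pending reboot means the fixes are installed but the old kernel is still running, which is the situation the restart in the paragraph above resolves.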
