Python has several vulnerabilities that could even damage our computers' batteries

Python patched in Ubuntu

There is no perfect operating system, and no software is free of vulnerabilities. This week, Canonical published several in Python, the popular programming language whose software can end up on any operating system, be it Linux, macOS, Windows, or mobile phones and the Internet of Things (IoT). As always, the company that develops the operating system that gives this website its name published all the details after fixing the problems.

The vulnerabilities affect all officially supported versions of Ubuntu, which are currently Ubuntu 19.04 Disco Dingo, Ubuntu 18.04 Bionic Beaver and Ubuntu 16.04 Xenial Xerus, although not every vulnerability affects every release. In total, 8 vulnerabilities were fixed, six of them medium priority and two low priority. None of them affects Ubuntu 19.10, which will be released in mid-October. Updated: patches are also available for Ubuntu 14.04 ESM and Ubuntu 12.04 ESM.

Python vulnerabilities fixed this week

  • CVE-2018-20406: Python incorrectly handles certain pickle files. An attacker could use this flaw to consume memory, resulting in a denial of service (DoS). This bug affects only Ubuntu 16.04 and Ubuntu 18.04.
  • CVE-2018-20852: An attacker could trick Python into sending cookies to the wrong domain, because Python does not validate the domain correctly when handling cookies.
  • CVE-2019-10160 and CVE-2019-9636: Python incorrectly handles Unicode encoding during NFKC normalization. An attacker could use this to obtain sensitive information.
  • CVE-2019-5010: Python incorrectly handles the parsing of certain X509 certificates. An attacker could use this to make Python crash, resulting in a denial of service (DoS). This bug affects Ubuntu 18.04 and Ubuntu 16.04.
  • CVE-2019-9740 and CVE-2019-9947: Python incorrectly handles certain URLs. An attacker could use this to carry out CRLF injection attacks.
  • CVE-2019-9948: Python incorrectly handles the local_file: scheme, which a remote attacker could use to bypass blacklist mechanisms.
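The three URL-related entries in the list above (CRLF injection, the local_file: scheme and NFKC normalization) can also be guarded against in application code before a URL reaches Python's URL handling. The following is an added example, not code from Canonical or the Python project: the function name `url_problems`, the scheme allow-list and the sample URLs are assumptions constructed for illustration.

```python
import unicodedata

# Assumption: the application only ever needs to fetch web URLs.
ALLOWED_SCHEMES = {"http", "https"}
DELIMITERS = "/?#@:"


def url_problems(url):
    """Return the reasons to reject `url`; an empty list means it passed."""
    problems = []

    # CRLF injection class (CVE-2019-9740, CVE-2019-9947): a URL must not
    # contain control characters or whitespace, checked on the raw string.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in url):
        problems.append("control-or-space")

    # Scheme handling class (CVE-2019-9948): use an allow-list, so an
    # unexpected scheme such as local_file: cannot slip past a block-list.
    scheme, sep, rest = url.partition(":")
    if not sep or scheme.lower() not in ALLOWED_SCHEMES:
        problems.append("scheme-not-allowed")

    # NFKC class (CVE-2019-9636, CVE-2019-10160): the host part must not
    # gain URL delimiters once compatibility characters are normalized.
    netloc = rest[2:] if rest.startswith("//") else ""
    for d in "/?#":
        netloc = netloc.split(d, 1)[0]
    bare = netloc.replace("@", "").replace(":", "")
    normalized = unicodedata.normalize("NFKC", bare)
    if normalized != bare and any(d in normalized for d in DELIMITERS):
        problems.append("nfkc-delimiter")

    return problems


# Constructed sample inputs, one per check.
SAMPLES = [
    "https://example.com/index.html",
    "http://example.com/a\r\nX-Injected: 1",
    "local_file:///etc/hostname",
    "https://example.com\uff03@test.invalid/",  # U+FF03 normalizes to '#'
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", url_problems(sample) or "ok")
```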

As we mentioned, Canonical has already fixed all the vulnerabilities covered in this article in Ubuntu 19.04, Ubuntu 18.04 and Ubuntu 16.04. All we have to do is open the software center (or our distribution's update tool) and apply the updates. Once they are applied, you need to restart your computer to make sure the patches take effect.
