This afternoon, Canonical published a report detailing 5 security vulnerabilities in Openjpeg2, a JPEG 2000 compression and decompression library, that could cause Ubuntu to crash or worse. In principle, the bugs found in OpenJPEG affect only Ubuntu 18.04 LTS, so the other two official releases that still have official support are spared: Ubuntu 16.04 Xenial Xerus (where they were fixed earlier) and Ubuntu 19.04, the latest version of Canonical's operating system, released last April.
Unlike some security researchers who disclose vulnerabilities before they are fixed, Canonical publishes security vulnerabilities only after the patches have been released. In total, 5 bugs were fixed, and all of them can be used to cause a denial of service (DoS). For one of the bugs, they mention that it could also allow remote code execution.
OpenJPEG could allow remote code execution
The vulnerabilities fixed were:
- CVE-2017-17480: OpenJPEG incorrectly handled certain PGX files. An attacker could use this flaw to cause a denial of service or execute code.
- CVE-2018-14423: OpenJPEG incorrectly handled certain files. An attacker could use this flaw to cause a denial of service.
- CVE-2018-18088: OpenJPEG incorrectly handled certain PNM files. An attacker could use this flaw to cause a denial of service.
- CVE-2018-5785 and CVE-2018-6616: OpenJPEG also incorrectly handled certain BMP files. An attacker could use this flaw to cause a denial of service.
The patches that fix these 5 bugs are already in the official repositories of Ubuntu 18.04 LTS. The packages to install are libopenjp2-7 – 2.3.0-2build0.18.04.1, libopenjp3d7 – 2.3.0-2build0.18.04.1 and libopenjpip7 – 2.3.0-2build0.18.04.1. To do so, just open the Software Updater application or any of the various software centers available and update the packages mentioned.
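
To confirm after updating that a host really carries the fixed builds, the check below compares the installed version of each package named above with the fixed version listed in this article. It is an added example, not part of the original article or of Canonical's notice; the function names are made up for illustration, and it assumes `dpkg` and `dpkg-query` are available, as they are on Ubuntu.

```sh
#!/bin/sh
# Added example: report whether the OpenJPEG packages named in the article
# are at or above the fixed version it lists for Ubuntu 18.04 LTS.

FIXED="2.3.0-2build0.18.04.1"                      # version from the article
PACKAGES="libopenjp2-7 libopenjp3d7 libopenjpip7"  # packages from the article

# classify INSTALLED FIXED -> prints "absent", "patched" or "vulnerable".
# An empty INSTALLED means the package is not installed on this host.
# dpkg --compare-versions applies Debian ordering rules, so a revision
# such as "2" sorts before "2build0.18.04.1".
classify() {
    installed=$1 fixed=$2
    if [ -z "$installed" ]; then
        echo absent
    elif dpkg --compare-versions "$installed" ge "$fixed"; then
        echo patched
    else
        echo vulnerable
    fi
}

# installed_version PKG -> prints the version if PKG is fully installed
# (status "ii"), otherwise nothing. Only the first line is used: copies of
# a package installed for several architectures share one version.
installed_version() {
    dpkg-query -W -f='${db:Status-Abbrev} ${Version}\n' "$1" 2>/dev/null |
        awk '$1 ~ /^ii/ { print $2; exit }'
}

# audit -> one line per package; returns 1 if any package is below FIXED.
audit() {
    rc=0
    for pkg in $PACKAGES; do
        ver=$(installed_version "$pkg")
        state=$(classify "$ver" "$FIXED")
        printf '%-14s %-26s %s\n' "$pkg" "${ver:-(not installed)}" "$state"
        [ "$state" = vulnerable ] && rc=1
    done
    return $rc
}

# Run the audit only when asked, e.g.:  sh check-openjpeg.sh --audit
if [ "${1:-}" = "--audit" ]; then audit; fi
```

A non-zero exit status from `audit` means at least one installed package is still older than the fixed version and the update has not been applied.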