The new Webmin 1.930 release removes a backdoor that was present for at least a year

Backdoor

A few days ago a new version of Webmin was released to mitigate a vulnerability identified as a backdoor (CVE-2019-15107), which was found in the project's official builds distributed through Sourceforge.

The backdoor was present in versions 1.882 through 1.921 inclusive (the git repository contained no code with the backdoor) and allowed arbitrary shell commands to be executed remotely on the system with root privileges, without authentication.

About Webmin

For those who do not know Webmin: it is a web-based control panel for administering Linux systems. It provides a simple, easy-to-use interface for managing your server. Recent versions of Webmin can also be installed and run on Windows systems.

With Webmin you can change the settings of common packages, including web servers and databases, and manage users, groups and software packages.

Webmin lets the user view running processes and details about installed packages, manage system log files, edit the configuration files of a network interface, add firewall rules, set the time zone and system clock, add printers through CUPS, list installed Perl modules, configure an SSH or DHCP server, and manage DNS domain records.

Webmin 1.930 arrives to remove the backdoor

The new Webmin 1.930 release was published to address a remote code execution vulnerability. Exploit modules for this vulnerability are publicly available, which puts many virtual UNIX management systems at risk.

The security advisory indicates that version 1.890 (CVE-2019-15231) is vulnerable in its default configuration, while the other affected versions require the "user password change" option to be enabled.

About the vulnerability

An attacker can send a malicious HTTP request to the password reset request page to inject code and take over the Webmin web application. According to the vulnerability report, the attacker does not need a valid username or password to exploit this flaw.

The existence of this feature means that this vulnerability has potentially been present in Webmin since July 2018.

An attack requires an open network port with Webmin and, in the web interface, an active function for changing an expired password (enabled by default in the 1.890 builds, but disabled in the other versions).

The problem was fixed in update 1.930.

As a temporary measure to lock the backdoor, simply remove the "passwd_mode =" setting from the configuration file /etc/webmin/miniserv.conf. A prototype exploit has been prepared for testing.
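As an added example (not from the original article or from the Webmin project), the following Python code applies the exposure conditions stated above to a Webmin version string and the text of miniserv.conf. The function names, result labels and the sample configuration are assumptions made for illustration; the version range, the 1.890 default case and the `passwd_mode` key come from the article.

```python
import re

# Range and 1.890 default-configuration case as stated in the article.
FIRST_BAD, LAST_BAD, DEFAULT_EXPOSED = (1, 882), (1, 921), (1, 890)

def parse_version(text):
    """Turn a version string such as '1.921' into a comparable tuple."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def parse_conf(conf_text):
    """Parse key=value lines of miniserv.conf, skipping blanks and comments."""
    settings = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def assess(version_text, conf_text):
    """Classify one host (result labels are hypothetical names)."""
    version = parse_version(version_text)
    if not (FIRST_BAD <= version <= LAST_BAD):
        return "outside-affected-range"
    if version == DEFAULT_EXPOSED:
        # The article says 1.890 is vulnerable in its default configuration.
        return "exposed-by-default"
    # The article does not say which values enable the feature, so any
    # passwd_mode line is flagged, matching its advice to remove the setting.
    if "passwd_mode" in parse_conf(conf_text):
        return "exposed-passwd_mode-set"
    return "backdoored-build-feature-off"

if __name__ == "__main__":
    # Constructed sample configuration, not taken from a real host.
    sample = "port=10000\n# constructed sample\npasswd_mode = 2\n"
    for v in ("1.881", "1.890", "1.921", "1.930"):
        print(v, assess(v, sample))
```

A result of "backdoored-build-feature-off" still means the installed build falls in the affected range, so the update to 1.930 applies to it as well.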

The problem was found in the password_change.cgi script, where the unix_crypt function is used to verify the old password entered in the web form; the password received from the user is passed to it without escaping special characters.

In the git repository, this function is a wrapper around the Crypt::UnixCrypt module and is not dangerous, but in the source archive distributed with the code, code is called that accesses /etc/shadow directly, and it does so by means of a shell construct.

To attack, it is enough to put the «|» character in the old password field, and the code that follows it will run with root privileges on the server.

According to a statement from the Webmin developers, the malicious code was substituted as a result of a compromise of the project's build infrastructure.

Details have not been disclosed, so it is not known whether the hack was limited to taking over the Sourceforge account or whether it affected other parts of Webmin's build and development infrastructure.

The issue also affects Usermin builds. At present all download files have been rebuilt from Git.

