Update: a vulnerability in sudo could allow users who should not be able to do so to run commands as root

Vulnerability in sudo

A few minutes ago, Canonical published a new security report. The vulnerability fixed this time is one of those that could go unnoticed and that we might have missed, but it is notable for being in something every Ubuntu user knows: the sudo command. The published report is USN-4154-1 and, as you might expect, it affects all supported Ubuntu versions.

To be more specific, the supported versions we are referring to are Ubuntu 19.04, Ubuntu 18.04 and Ubuntu 16.04 in their normal cycle, and Ubuntu 14.04 and Ubuntu 12.04 in their ESM (Extended Security Maintenance) version. If we go to the page for the fixed vulnerability, published by Canonical, we see that patches are available for all the versions mentioned above, but Ubuntu 19.10 Eoan Ermine is still affected, as we can read in the red text "needed".


sudo has been updated to version 1.8.27 to fix a vulnerability

The vulnerability fixed is CVE-2019-14287, described as:

When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.
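To check whether a host has the kind of rule this description refers to, the sketch below scans sudoers text for user specifications whose Runas user list contains ALL. It is an added example, not code from Canonical or the sudo project. The sample sudoers content, the function names and the `!root` flag (which marks rules written to keep the user away from root) are assumptions of this example; Runas_Alias definitions are not expanded and included files must be scanned separately.

```python
import re

# Constructed sample sudoers content (not taken from any real host).
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
alice   web01 = (ALL, !root) /usr/bin/vi
bob     ALL=(www-data) /usr/bin/systemctl restart nginx
%ops    ALL=(ALL, \\
             !root) NOPASSWD: /usr/bin/id
carol   ALL=/usr/bin/apt update
"""

# Runas specification: the parenthesised list that follows the host's "=".
RUNAS_RE = re.compile(r"=\s*\(([^)]*)\)")
NON_RULE_PREFIXES = ("Defaults", "User_Alias", "Runas_Alias",
                     "Host_Alias", "Cmnd_Alias", "#", "@include")


def logical_lines(text):
    """Join backslash-continued lines; drop blanks, comments, includes, aliases."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith(NON_RULE_PREFIXES):
            yield line


def audit_runas_all(text):
    """Return (who, runas_users, excludes_root) for rules whose Runas user list has ALL."""
    findings = []
    for line in logical_lines(text):
        for match in RUNAS_RE.finditer(line):
            # "(users : groups)": only the user part before ":" matters here.
            users = [u.strip() for u in match.group(1).split(":")[0].split(",")]
            users = [u for u in users if u]
            if "ALL" in users:
                # Assumption of this example: "!root" marks a rule meant to exclude root.
                excludes_root = "!root" in users or "!#0" in users
                findings.append((line.split()[0], users, excludes_root))
    return findings


if __name__ == "__main__":
    for who, users, excludes_root in audit_runas_all(SAMPLE_SUDOERS):
        note = "intends to exclude root; patch sudo" if excludes_root else "ALL in Runas"
        print(f"{who}: Runas={users} -> {note}")
```

On a real system, pass the contents of `/etc/sudoers` and each file under `/etc/sudoers.d/` to `audit_runas_all` instead of the sample string.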

Canonical has rated the flaw as medium priority. Still, "sudo" and "root" make us think of Lockdown, a security mechanism that will appear with Linux 5.4. It will restrict permissions further, which is more secure on the one hand but on the other will prevent the owners of a machine from being a kind of "God" on it. For this reason it has been debated for a long time, and Lockdown will be disabled by default, although the main reason for this is that it could break existing systems.

The update is already available from the various software centers. Considering how easy and quick it is to update, and that in theory no restart is needed, update now.

