Sudo ya sake sabuntawa, wannan lokacin don hana masu fashin kwamfuta aiwatar da umarni azaman tushe

Bayan 'yan awanni da suka gabata, Canonical ya wallafa wani rahoton tsaro wanda a ciki yake ba mu labarin a yanayin rauni a cikin umarnin sudo. Da farko, ban mai da hankali sosai ba saboda an lakafta shi da mahimmancin mahimmanci, amma a ƙarshe na yanke shawarar rubuta wannan labarin saboda yana ɗaya daga cikin umarnin da aka fi amfani da su a cikin rarraba Linux. Ari ga haka, matsalar tsaro na iya ba maharan damar samun tushen hanyar aiwatar da umarni.

Aƙalla ƙungiyoyi biyu ko ayyuka sun ba da rahoton wannan rauni. Daya shine Project Debian, farkon wanda ya fara bugawa bayani ranar Asabar da ta gabata, yana ambaton cewa tsarin da abin ya shafa shi ne Debian 9 "Stretch". A gefe guda, Canonical ya buga a cikin rahoto Saukewa: USN-4263-1, Inda yayi maganar raunin guda daya cewa ya shafi dukkan nau'ikan Ubuntu waɗanda har yanzu ana tallafawa a cikin ajalinsu na asali, wadanda sune Ubuntu 19.10, Ubuntu 18.04 LTS, da Ubuntu 16.04 LTS.

Updatearamin sabunta Sudo don tsaro

Dukansu Project Debian da Canonical sun bamu labarin rashin tsaro iri daya, a CVE-2019-18634 wanda bayaninsa ya bayyana wani «yin ajiya a cikin sudo lokacin da aka kunna pwfeedback«. Idan an lakafta shi kamar low fifiko saboda saboda ba abu ne mai sauƙi ba don amfani da kwaro: "pwfeedback" dole ne mai sarrafa tsarin ya kunna shi a cikin Sudoers. Kamar yadda Rukunin Bayanai na ularfafa Nationalasa ke bayarwa, «Idan an kunna pwfeedback a cikin / sauransu / sudoers, masu amfani zasu iya haifar da tarin ajiya a cikin tsarin sudo na dama".

Kamar yadda aka saba, Canonical ya wallafa rahoton tsaro da zarar ya fitar da facin da ke gyara kwaro, don haka sabunta Sudo da kare kanmu daga gare shi abu ne mai sauki kamar bude Cibiyar Software (ko Sabunta Software) da girkawa. sabon kunshin da tuni suna jiran mu. A cewar Canonical, ba zai zama dole a sake kunna tsarin aiki ba don canje-canje su fara aiki.