Dhowr saacadood ka hor, Canonical ayaa daabacay warbixin uu kaga hadlayo a u nuglaanta Ghostscript Waxay saameyneysaa dhammaan noocyada Ubuntu ee wali lagu taageerayo meertada noloshooda caadiga ah. Waqtigan xaadirka ah, noocyadaas waa Ubuntu 19.04 Disco Dingo, Ubuntu 18.04 LTS Bionic Beaver, iyo Ubuntu 16.04 LTS Xenial Xerus. Software-ka ay dhibaatadu saameysey ayaa ah "ghostscript - PostScript iyo turjubaan PDF" jaantusyaduna waxay saxaan wadarta u nuglaanta 4 CVE.
Jilicsanaanta la ogaadey horeyna loo saxay ayaa ah CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 y CVE-2019-14817, dhammaantood loola dhaqmay sidii dhexdhexaad degdeg ah. Dhammaan afartooduba waxay wadaagaan wax badan oo faahfaahin ah oo faahfaahinaya a 'Habka Nabdoon ByPass by .forceput gaadhista gudaha» .pdf_hook_DSC_Abuuriye, setuserparams, setystemparams iyo.pdfexectoken siday u kala horreeyaan. Xirmooyinka la cusbooneysiinayo waa ghostscript - 9.26 ~ dfsg + 0-0ubuntu7.3 y libgs9 – 9.26~dfsg+0-0ubuntu7.3 on Ubuntu 19.04, ghostscript - 9.26 ~ dfsg + 0-0ubuntu0.18.04.11 y libgs9 – 9.26~dfsg+0-0ubuntu0.18.04.11 on Ubuntu 18.04 iyo ghostscript - 9.26 ~ dfsg + 0-0ubuntu0.16.04.11 y libgs9 – 9.26~dfsg+0-0ubuntu0.16.04.11 on Ubuntu 16.04.
Jilicsanaanta 'Ghostscript' ayaa la timid mid ka mid ah Ceph
Jilicsanaantaan ku jirta Ghostscript-ka maahan tan keliya ee Canonical ay sii deysay maanta. Muddo yar ka dib isaguna wuu soo warramay kale, kiiskan «ceph - kaydinta iyo nidaamka faylka loo qaybiyey«, Kaas oo saameeya Ubuntu 19.04 iyo Ubuntu 18.04. Khaladka la daaweeyay horayna loo saxay ayaa ah CVE-2019-10222 waxayna faahfaahin ka bixinaysaa u nuglaanta xaalad deg deg ah oo dhexdhexaad ah taas oo ah keph waxaa loo isticmaali karaa in lagu xannibo haddii ay hesho taraafikada shabakad si gaar ah loo farsameeyay. Weeraryahan fog ayaa u adeegsan kara cilladan inuu ku keeno diidmada adeegga (DoS). Sharootooyinka lagu dabaqayo kiiskan ayaa ah ceph - 13.2.6-0ubuntu0.19.04.3 y radosgw - 13.2.6-0ubuntu0.19.04.3 on Ubuntu 19.04 iyo ceph - 12.2.12-0ubuntu0.18.04.2 y radosgw - 12.2.12-0ubuntu0.18.04.2 on Ubuntu 18.04.
Dhammaan balastarrada ayaa horeyba loogu heli karaa cusbooneysiin, sidaa darteed iyaga oo ku dabaqaya oo aan ka ilaalinayno nuglaanta ku xusan qodobkan waa mid fudud oo ah furitaanka barnaamijka Cusboonaysiinta Software-ka ama xarun software kasta iyo codso cusbooneysiinta.
Caadi ahaan, kaliya waa inaan Ubuntu si fiican u cusbooneysiinaa oo aysan jirin sabab laga walwalo. Waad ku mahadsan tahay macluumaadka.