I-Sudo ivuselelwa futhi, kulokhu ukuvimbela abaduni ekusebenziseni imiyalo njengezimpande

Emahoreni ambalwa adlule, iCanonical ishicilele umbiko wezokuphepha lapho usitshela khona nge ukuba sengozini kumyalo weSudo. Ekuqaleni, angizange ngiyinake kakhulu ngoba ibibhalwe ukuthi ayibalulekile kangako, kepha ekugcineni nginqume ukubhala le ndatshana ngoba ngomunye wemiyalo esetshenziswa kakhulu ekusatshalalisweni okususelwa ku-Linux. Ngokwengeziwe, iphutha lokuvikela lingavumela abaduni ukuthi bathole ukufinyelela kwezimpande futhi benze imiyalo.

Okungenani amaqembu amabili noma amaphrojekthi abikile lokhu kuba sengozini. Eyokuqala yiProject Debian, eyokuqala ukushicilelwa imininingwane ngoMgqibelo owedlule, esho ukuthi uhlelo oluthintekile yiDebian 9 "Stretch". Ngakolunye uhlangothi, iCanonical ishicilele embikweni I-USN-4263-1, lapho ekhuluma ngobungozi obulodwa ukuthi kuthinta zonke izinhlobo ze-Ubuntu ezisasekelwa esikhathini sabo semvelo, okuyi-Ubuntu 19.10, Ubuntu 18.04 LTS, ne-Ubuntu 16.04 LTS.

Isibuyekezo esincane Sudo sokuphepha

Kokubili iProjeki Debian neCanonical zisitshela ngephutha elifanayo lokuphepha, a I-CVE-2019-18634 imininingwane yencazelo yakhe eyi «i-buffer ichichima kusudo lapho i-pwfeedback inikwe amandla«. Uma ibhalwe ukuthi okubaluleke kakhulu kungenxa yokuthi akulula ukuxhaphaza isiphazamisi: "i-pwfeedback" kufanele inikwe amandla kwaSudoers ngumlawuli wesistimu. Njengoba i-National Vulnerability Database ibika, «Uma i-pwfeedback inikwe amandla ku- / etc / sudoers, Abasebenzisi bangaqala ukugcwala kwe-buffer esekwe kwisitaki kwinqubo ye-sudo eyilungelo".

Njengenjwayelo, iCanonical ishicilele umbiko wezokuphepha uma isikhiphe amabala alungisa isinambuzane, ngakho-ke ukuvuselela iSudo nokuzivikela kuyo kulula njengokuvula iSoftware Center (noma i-Software Update) nokufaka amaphakheji amasha azobe eselinde thina vele. Ngokusho kweCanonical, ngeke kudingeke ukuqala kabusha uhlelo lokusebenza ukuze ushintsho luqale ukusebenza.