The next release of curl, a utility and library for transferring data over a network, has taken place. Over the project's 25 years of development, curl has implemented support for many network protocols, such as HTTP, Gopher, FTP, SMTP, IMAP, POP3, SMB and MQTT. The libcurl library is used by projects as important to the community as Git and LibreOffice. The project's code is distributed under the Curl license (a variant of the MIT license).
The release is notable for two reasons:
- support for the IPFS protocol has been added;
- a vulnerability in the implementation of the SOCKS5 protocol has been fixed.
The vulnerability was specifically singled out by the project's author, Daniel Stenberg, as "one of the most severe vulnerabilities in curl in a long time." It is caused by an error in the logic that establishes a connection with a SOCKS5 proxy, which allows an attacker to overflow a buffer and execute arbitrary code on the application side.
The bug was discovered by Jay Satiro, who was paid a reward of 4660 dollars under the Internet Bug Bounty program.
It should be noted that Daniel takes an active position on security matters and is actively working on a Rust implementation of the HTTP protocol in curl.
Source: linux.org.ru
