Four more vulnerabilities in Ghostscript

Two weeks after the discovery of the previous issues in Ghostscript, 4 more similar vulnerabilities have been identified (CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817), which allow the "-dSAFER" isolation mode to be bypassed by creating a reference to ".forceput". When processing specially crafted documents, an attacker can gain access to the contents of the file system and execute arbitrary code on the system (for example, by adding commands to ~/.bashrc or ~/.profile). The fix is available as patches (1, 2). You can track the availability of package updates in distributions on these pages: Debian, Fedora, Ubuntu, SUSE/openSUSE, RHEL, Arch, ROSA, FreeBSD.

Recall that vulnerabilities in Ghostscript pose an increased risk, since this package is used in popular applications for processing the PostScript and PDF formats. For example, Ghostscript is called when creating desktop thumbnails, during background data indexing, and when converting images. For a successful attack, in many cases it is enough simply to download the file with the exploit or to browse the directory containing it in Nautilus. Vulnerabilities in Ghostscript can also be exploited through image processors based on the ImageMagick and GraphicsMagick packages by passing them a JPEG or PNG file that contains PostScript code instead of an image (such a file will be processed by Ghostscript, since the MIME type is recognized by content rather than by extension).
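A content check that can run before a file reaches ImageMagick, GraphicsMagick or a thumbnailer, shown here as an added example that is not part of the original article: it rejects files whose leading bytes are PostScript or PDF while the name claims JPEG or PNG. The allow-list and the function names `sniff` and `check_upload` are assumptions for illustration, and the sample inputs are constructed.

```python
import os

# Magic numbers at the start of a file. Detection is by content, the same
# principle the article says image processors use to pick a decoder.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"%!", "postscript"),                # %!PS-Adobe-..., EPS, bare %!
    (b"\xc5\xd0\xd3\xc6", "postscript"),  # DOS EPS binary header
]

# Assumed upload policy: extension -> the only content type accepted for it.
ALLOWED = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png"}


def sniff(data: bytes) -> str:
    """Return the content type implied by the leading bytes."""
    head = data[:1024]
    # Text formats may be preceded by a BOM or whitespace; check both views.
    text = head.lstrip(b"\xef\xbb\xbf \t\r\n")
    for magic, kind in SIGNATURES:
        if head.startswith(magic) or text.startswith(magic):
            return kind
    return "unknown"


def check_upload(filename: str, data: bytes):
    """Accept a file only if extension and sniffed content agree."""
    ext = os.path.splitext(filename)[1].lower()
    expected = ALLOWED.get(ext)
    if expected is None:
        return False, f"extension {ext or '(none)'} not allowed"
    actual = sniff(data)
    if actual != expected:
        return False, f"{ext} file has {actual} content"
    return True, "ok"


if __name__ == "__main__":
    # Constructed samples: a PostScript document named as a JPEG, and a PNG header.
    samples = [
        ("photo.jpg", b"%!PS-Adobe-3.0\n%%BoundingBox: 0 0 10 10\nshowpage\n"),
        ("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ]
    for name, blob in samples:
        print(name, check_upload(name, blob))
```

Files that fail the check should be quarantined rather than converted; the check complements, and does not replace, installing the patched Ghostscript packages.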

Source: opennet.ru
