A backdoor has been found in the code of xz versions 5.6.0 and 5.6.1

Debian developer and security researcher Andres Freund has reported the discovery of a probable backdoor in the source code of xz versions 5.6.0 and 5.6.1.

The backdoor is a line in one of the m4 scripts that appends obfuscated malicious code to the end of the configure script. That code then modifies one of the project's generated Makefiles, which ultimately results in a hidden payload (disguised as the test archive bad-3-corrupt_lzma2.xz) being injected into the liblzma binary.

What makes the incident notable is that the malicious code is present only in the distributed source code tarballs and is not in the project's git repository.
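Because the payload shipped only in the release tarball, a review of the repository alone would not have seen it. The following added example (not code from the xz project or from the researcher's report) compares the files in a release tarball with the files from a repository checkout and lists what differs; the file names and contents are constructed sample data, and in practice the repository digests would come from a checkout of the release tag.

```python
import hashlib
import io
import tarfile


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def tarball_digests(tar_bytes: bytes, strip_prefix: str) -> dict:
    """Map each regular file in a release tarball to its SHA-256."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                name = member.name.removeprefix(strip_prefix)
                digests[name] = sha256(tar.extractfile(member).read())
    return digests


def compare(tar_digests: dict, repo_digests: dict) -> dict:
    """Report files that someone reading only the repository never saw."""
    return {
        "tarball_only": sorted(set(tar_digests) - set(repo_digests)),
        "modified": sorted(p for p in tar_digests
                           if p in repo_digests
                           and tar_digests[p] != repo_digests[p]),
    }


def build_sample_tarball(files: dict, prefix: str) -> bytes:
    """Constructed input: pack {path: bytes} into an in-memory .tar.gz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(prefix + path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample data (hypothetical paths, not real xz content).
REPO = {"src/lib.c": b"int f(void);\n", "m4/sample.m4": b"dnl clean\n"}
RELEASE = dict(REPO, **{"m4/sample.m4": b"dnl clean\ndnl extra line\n",
                        "configure": b"#!/bin/sh\n"})


def demo() -> dict:
    tar_bytes = build_sample_tarball(RELEASE, "pkg-1.0/")
    repo_digests = {path: sha256(data) for path, data in REPO.items()}
    return compare(tarball_digests(tar_bytes, "pkg-1.0/"), repo_digests)
```

Autotools release tarballs normally contain generated files such as configure that are absent from the repository, so "tarball_only" entries are expected and need review or regeneration from source, while a "modified" entry for a file that is tracked in the repository is the stronger signal.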

It is reported that the person on whose behalf the malicious code was added to the project repository was either directly involved in the incident or was the victim of a serious compromise of his personal accounts (but the researcher leans toward the first option, since this person personally took part in several discussions related to the malicious changes).

At the link, the researcher notes that the ultimate goal of the backdoor appears to be to inject code into the sshd process and replace the RSA key verification code, and he offers several ways to check indirectly whether the malicious code is running on your system.

According to a news article from the openSUSE project, because of the complexity of the backdoor code and its presumed mechanism of operation, it is difficult to determine whether it was "triggered" at least once on a given machine, and the article recommends a complete reinstallation of the OS with rotation of all relevant keys on all machines that have had the infected versions of xz at least once.

source: linux.org.ru
