Three vulnerabilities fixed in FreeBSD

FreeBSD has fixed three vulnerabilities that could allow code execution when using libfetch, retransmission of IPsec packets, or access to kernel data. The issues are fixed in updates 12.1-RELEASE-p2, 12.0-RELEASE-p13 and 11.3-RELEASE-p6.

  • CVE-2020-7450 - a buffer overflow in the libfetch library, which is used to download files by the fetch command, the pkg package manager and other utilities. The vulnerability can lead to code execution when a specially crafted URL is processed. The attack can be carried out when accessing a site controlled by the attacker, which can use an HTTP redirect to trigger processing of the malicious URL;
  • CVE-2019-15875 - a vulnerability in the mechanism that generates process core dumps. Because of a bug, up to 20 bytes of data from the kernel stack were written to the dump, which could contain sensitive information processed by the kernel. As a workaround, you can disable core file generation with sysctl kern.coredump=0;
  • CVE-2019-5613 - a bug in the code that blocks replayed data in IPsec made it possible to resend previously captured packets. Depending on the higher-level protocol carried over IPsec, the issue allows, for example, previously transmitted commands to be resent.
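To check a host against the fixed patch levels listed above, the following added example (not part of the original article or of FreeBSD itself) compares a `freebsd-version` string with them. The function names `fixed_level` and `check_version` are hypothetical, and mapping libfetch to userland and the other two issues to the kernel is an assumption based on the descriptions above.

```shell
#!/bin/sh
# Added example: compare a FreeBSD version string with the fixed patch
# levels named in the article (12.1-p2, 12.0-p13, 11.3-p6).

# fixed_level BRANCH -> minimum patch level that carries the fixes
fixed_level() {
    case "$1" in
        12.1) echo 2 ;;
        12.0) echo 13 ;;
        11.3) echo 6 ;;
        *) return 1 ;;          # branch not covered by the article
    esac
}

# check_version "12.1-RELEASE-p1" -> patched | vulnerable | unknown
check_version() {
    ver=$1
    case "$ver" in
        *-RELEASE*) ;;
        *) echo unknown; return 0 ;;   # STABLE/CURRENT: no patch level
    esac
    branch=${ver%%-*}                  # "12.1"
    case "$ver" in
        *-RELEASE-p*) plevel=${ver##*-p} ;;
        *) plevel=0 ;;                 # plain -RELEASE means p0
    esac
    case "$plevel" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    min=$(fixed_level "$branch") || { echo unknown; return 0; }
    if [ "$plevel" -ge "$min" ]; then echo patched; else echo vulnerable; fi
}

# On a FreeBSD host, report userland and installed kernel separately:
# libfetch lives in userland, the core dump and IPsec code in the kernel
# (assumed mapping). A patched installed kernel takes effect after reboot.
if command -v freebsd-version >/dev/null 2>&1; then
    echo "userland (CVE-2020-7450): $(check_version "$(freebsd-version -u)")"
    echo "kernel (CVE-2019-15875, CVE-2019-5613): $(check_version "$(freebsd-version -k)")"
    echo "kern.coredump=$(sysctl -n kern.coredump)"   # 0 = workaround active
fi
```

A result of `unknown` means the branch is not one of the three named in the article, so its status has to be checked against the FreeBSD advisories directly.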

source: budenet.ru
