Ob lub lis piam tom qab yav dhau los qhov teeb meem tseem ceeb hauv 4 qhov tsis zoo sib xws (CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817), uas tso cai los ntawm kev tsim qhov txuas mus rau ".forceput" kom hla "-dSAFER" hom kev rho tawm . Thaum ua cov ntaub ntawv tsim tshwj xeeb, tus neeg tawm tsam tuaj yeem nkag mus rau cov ntsiab lus ntawm cov ntaub ntawv kaw lus thiab ua raws li cov cai ntawm lub kaw lus (piv txwv li, los ntawm kev ntxiv cov lus txib rau ~/.bashrc lossis ~/.profile). Kev kho yog muaj raws li thaj ua rau thaj (, ). Koj tuaj yeem taug qab qhov muaj ntawm pob hloov tshiab hauv kev faib tawm ntawm nplooj ntawv no: , , , , , , , .
Cia peb nco ntsoov koj tias qhov tsis zoo hauv Ghostscript ua rau muaj kev phom sij ntau ntxiv, vim tias pob ntawv no tau siv ntau daim ntawv thov nrov rau kev ua cov ntawv PostScript thiab PDF. Piv txwv li, Ghostscript raug hu thaum lub sij hawm tsim duab duab me me, cov ntaub ntawv keeb kwm yav dhau los, thiab cov duab hloov dua siab tshiab. Rau kev ua tiav kev tawm tsam, ntau zaus nws txaus los rub tawm cov ntaub ntawv nrog kev siv lossis xauj cov npe nrog nws hauv Nautilus. Vulnerabilities hauv Ghostscript kuj tuaj yeem siv los ntawm cov duab processors raws li ImageMagick thiab GraphicsMagick cov pob khoom los ntawm kev hla lawv cov JPEG lossis PNG cov ntaub ntawv uas muaj PostScript code tsis yog duab (cov ntaub ntawv no yuav raug ua tiav hauv Ghostscript, txij li hom MIME tau lees paub los ntawm tus cov ntsiab lus, thiab tsis muaj kev vam khom ntxiv).
Tau qhov twg los: opennet.ru