ProHoster > Блог > xov xwm hauv internet > Vulnerability nyob rau hauv zlib uas tshwm sim thaum compressing tshwj xeeb tsim cov ntaub ntawv

Vulnerability nyob rau hauv zlib uas tshwm sim thaum compressing tshwj xeeb tsim cov ntaub ntawv

Ib qho yooj yim (CVE-2018-25032) tau raug txheeb xyuas nyob rau hauv lub tsev qiv ntawv zlib, ua rau muaj kev tsis txaus siab thaum sim ua kom cov txheej txheem tshwj xeeb ntawm cov cim hauv cov ntaub ntawv tuaj. Hauv nws daim ntawv tam sim no, cov kws tshawb fawb tau ua pov thawj tias muaj peev xwm ua rau muaj kev cuam tshuam tsis zoo. Txawm hais tias qhov teeb meem tuaj yeem muaj qhov tshwm sim loj dua tseem tsis tau kawm.

Qhov tsis muaj zog no pib tshwm sim nrog zlib version 1.2.2.2 thiab cuam tshuam rau qhov kev tso tawm zlib tam sim no, 1.2.11. Nws tsim nyog sau cia tias ib qho kev kho qhov tsis muaj zog tau raug thov rov qab rau xyoo 2018, tab sis cov neeg tsim khoom tsis quav ntsej nws thiab tsis tau tso tawm qhov kev tso tawm kho (lub tsev qiv ntawv zlib tau hloov kho zaum kawg hauv xyoo 2017). Qhov kev kho kuj tseem tsis tau suav nrog hauv cov pob khoom faib tawm. Koj tuaj yeem taug qab qhov kev tso tawm ntawm cov kho los ntawm kev faib tawm ntawm cov nplooj ntawv hauv qab no: Debian, RHEL, Fedora, SUSE, Ubuntu, Arch Linux, OpenBSD, FreeBSD, NetBSD. Lub tsev qiv ntawv zlib-ng tsis raug cuam tshuam los ntawm qhov teeb meem no.

Qhov tsis zoo tshwm sim yog tias cov kwj nkag muaj ntau qhov sib tw yuav tsum tau ntim, uas ntim tau siv raws li Huffman cov lej ruaj khov. Hauv qee qhov xwm txheej, cov ntsiab lus ntawm qhov nruab nrab tsis nyob rau hauv uas cov txiaj ntsig compressed tau muab tso rau yuav sib tshooj ntawm lub cim xeeb uas khaws cov cim zaus. Yog li ntawd, cov ntaub ntawv compressed tsis raug yog tsim thiab poob vim yog kev sau ntawv sab nraum qhov tsis muaj ciam teb.

Qhov tsis muaj peev xwm tsuas yog siv tau los ntawm kev siv lub tswv yim compression raws li Huffman cov lej ruaj khov. Ib lub tswv yim zoo sib xws raug xaiv thaum qhov kev xaiv Z_FIXED tau qhib meej meej hauv cov cai (piv txwv li ib ntus uas ua rau muaj kev sib tsoo thaum siv Z_FIXED kev xaiv). Kev txiav txim los ntawm txoj cai, Z_FIXED lub tswv yim kuj tuaj yeem xaiv tau yog tias cov ntoo zoo thiab zoo li qub suav rau cov ntaub ntawv muaj qhov loj me.

Tseem tsis tau meej meej tias puas siv tau qhov tsis muaj zog los ntawm kev siv lub tswv yim Z_DEFAULT_STRATEGY uas twb muaj lawm. Yog tias tsis yog, qhov tsis muaj zog yuav raug txwv rau cov kab ke tshwj xeeb uas siv qhov kev xaiv Z_FIXED. Yog tias yog li ntawd, qhov kev puas tsuaj los ntawm qhov tsis muaj zog yuav loj heev, vim tias lub tsev qiv ntawv zlib yog tus qauv tseeb thiab siv rau hauv ntau qhov project nrov, suav nrog lub kernel. Linux, OpenSSH, OpenSSL, apache httpd, libpng, FFmpeg, rsync, dpkg, rpm, Git, PostgreSQL, MySQL, thiab lwm yam.

Tau qhov twg los: opennet.ru

Yuav txhim khu kev qha hosting rau cov chaw nrog DDoS tiv thaiv, VPS VDS servers 🔥 Yuav lub vev xaib hosting txhim khu kev qha nrog kev tiv thaiv DDoS, VPS VDS servers | ProHoster