Ghostscript vulnerability exploitable via ImageMagick

Ghostscript, a set of tools for processing, converting and generating documents in the PostScript and PDF formats, has a critical vulnerability (CVE-2021-3781) that allows arbitrary code execution when processing a specially crafted file. The problem was initially brought to light by Emil Lerner, who spoke about the vulnerability on August 25 at the ZeroNights X conference held in St. … receive rewards for demonstrating attacks on the AirBNB, Dropbox and Yandex.Real Estate services).

On September 5, a working exploit appeared in the public domain that makes it possible to attack systems running Ubuntu 20.04 by passing a specially crafted document, uploaded as an image, to a web script running on the server that uses the php-imagemagick package. Moreover, according to preliminary data, a similar exploit has been in use since March. It was stated that systems running GhostScript 9.50 could be attacked, but it turned out that the vulnerability is present in all subsequent versions of GhostScript, including the 9.55 release in Git.

The fix was proposed on September 8 and, after peer review, was accepted into the GhostScript repository on September 9. In many distributions the problem remains unfixed (the status of update publication can be checked on the pages of Debian, Ubuntu, Fedora, SUSE, RHEL, Arch Linux, FreeBSD, NetBSD). A GhostScript release containing the fix for the vulnerability is planned to be published before the end of the month.

The problem is caused by the possibility of bypassing the "-dSAFER" isolation mode due to insufficient checking of the parameters of the Postscript device "%pipe%", which allowed arbitrary shell commands to be executed. For example, to run the id utility from a document, it is enough to specify the line "(%pipe%/tmp/&id)(w)file" or "(%pipe%/tmp/;id)(r)file".

Recall that vulnerabilities in Ghostscript pose an increased risk, since this package is used in many popular applications for processing the PostScript and PDF formats. For example, Ghostscript is called during desktop thumbnail creation, background data indexing, and image conversion. For a successful attack, in many cases it is enough simply to download the file with the exploit or to view the directory containing it in a file manager that supports displaying document thumbnails, for example, in Nautilus.

Vulnerabilities in Ghostscript can also be exploited through image processors based on the ImageMagick and GraphicsMagick packages by passing them a JPEG or PNG file that contains PostScript code instead of an image (such a file will be processed in Ghostscript, since the MIME type is recognized by content, without relying on the extension).
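
As an added example (not from the original article or from the Ghostscript or ImageMagick projects), the following Python check reads an upload's leading bytes, as content-based type detection does, and flags files whose image extension hides PostScript, PDF or EPS content, plus any reference to the "%pipe%" device. The function names, the extension list and the sample inputs are assumptions constructed for illustration.

```python
# Leading bytes that make content-based type detection route a file to Ghostscript.
GS_MAGIC = {
    b"%!": "PostScript",
    b"%PDF-": "PDF",
    b"\xc5\xd0\xd3\xc6": "EPS",  # DOS binary EPS header
}
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")  # assumed upload allow-list
PIPE_DEVICE = b"%pipe%"  # the PostScript device named in the article


def sniff_ghostscript_format(data):
    """Return the Ghostscript-handled format the content announces, or None."""
    # Some PostScript producers prefix the file with a Ctrl-D byte.
    head = data[1:] if data.startswith(b"\x04") else data
    for magic, name in GS_MAGIC.items():
        if head.startswith(magic):
            return name
    return None


def inspect_upload(filename, data):
    """Return a list of findings for one uploaded file (empty list = clean)."""
    findings = []
    fmt = sniff_ghostscript_format(data)
    if fmt and filename.lower().endswith(IMAGE_EXTS):
        # The name claims an image, the content is a document format.
        findings.append("extension-mismatch:" + fmt)
    elif fmt:
        findings.append("ghostscript-format:" + fmt)
    if PIPE_DEVICE in data:
        findings.append("pipe-device")
    return findings


# Constructed samples: the first reuses the string quoted in the article.
SAMPLE_PS_AS_JPG = b"%!PS\n(%pipe%/tmp/&id)(w)file\n"
SAMPLE_REAL_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("avatar.jpg", SAMPLE_PS_AS_JPG),
                       ("photo.png", SAMPLE_REAL_PNG),
                       ("report.pdf", b"%PDF-1.7\n")]:
        print(name, inspect_upload(name, blob) or "clean")
```

The extension-mismatch finding is the reliable signal here; the "%pipe%" match is only a triage hint, because PostScript can assemble strings at run time and PDF streams may be compressed.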

Source: opennet.ru