Kua kitea he ngoikoretanga (CVE-2023-43641) i roto i te whare pukapuka libcue, e tātari ana i ngā raraunga raraunga kei roto ngā mōhiohio e pā ana ki te raupapa me te roa o ngā ara oro. Mā tēnei ngoikoretanga ka taea te whakahaere waehere i te wā e tukatuka ana i ngā kōnae tohu kua hangaia mō te hunga motuhake. Ka whakamahia te whare pukapuka i roto i ētahi kaitākaro pāpāho me ngā ētita oro, tae atu ki a Audacious, ā, ka taea te whakamahi hei whakararu i te pūnaha i te wā e whakatuwhera ana i ngā raraunga kāore i te pono.
Hei tāpiritanga, ka whakamahia te whare pukapuka libcue i roto i te miihini rapu tracker-miners e whakamahia ana i roto i te taiao kaiwhakamahi GNOME. Nā te mea ka tātai aunoa a tracker-miners i ngā kōnae pāpāho hou i roto i te whaiaronga kāinga, hei whakaeke i ngā pūnaha GNOME me te whakahaere i te waehere kino, tukuatu noa i tētahi kōnae kua hangaia motuhake ki te whaiaronga ~/Downloads, ~/Music, ~/Videos rānei, me te kore e whakatuwhera (hei tauira, i ētahi wā, he rawaka te pāwhiri i tētahi hononga i roto i te pūtirotiro).
Kua whakaritea e ngā kairangahau i kitea te ngoikoretanga he whakamahinga mahi, ā, kua whakaaturia te kaha ki te whakamahi i ngā taiao Ubuntu 23.04 me Fedora 38. Ka whakaputaina te waehere whakamahinga i muri mai hei hoatu wā ki ngā kaiwhakamahi ki te tāuta i te papaki. He pumau te whakamahinga engari me urutau mō ia tohatoha.
Nā te nui haere o te tauoti i roto i te waehere wetewete tawhā INDEX i puta ai te ngoikoretanga, ā, ka puta ina whakatakotoria tēnei tawhā ki tētahi uara tau he nui rawa ki te uru ki te momo "int". Ka whakamahia te mahi atoi hei huri i tētahi aho ki tētahi tau; hei tauira, mā te tohu i te 4294567296 ka huri ki te -400000. Nā te korenga o tētahi tirotiro i te uara hua hei whakarite kia kino. Nō reira, i muri i te hurihanga atoi, ka whakahaerehia e te waehere te mahi "track->index[i] = ind," ka taea te tuku uara kino ki "i" hei tuhirua i te rohe mahara i waho o te arai me te uara "ind," e utaina ana hoki mai i te kōnae e tukatukahia ana.
I te nuinga o ngā tohatoha GNOME, ka whakahohea te wāhanga tracker-miners mā te taunoa, ā, ka utaina hei whakawhirinakitanga mārō o te kaiwhakahaere kōnae Nautilus (Ngā Kōnae GNOME). Hei whakakore i te tracker-miners mō te kaiwhakamahi o nāianei, ka taea e koe te whakamahi i ngā whakahau e whai ake nei: systemctl --user mask tracker-store.service tracker-miner-fs.service tracker-miner-rss.service tracker-extract.service tracker-miner-apps.service tracker-writeback.service tracker reset --hard
Source: opennet.ru
