GNU Wget2 2.2.1 fixes a vulnerability that allows arbitrary files to be overwritten.

GNU Wget2 2.2.1 is now available. It is a completely rewritten and redesigned version of the GNU Wget project for automated recursive downloading of content. Wget2 provides many additional options, supports multi-threaded downloads, allows the functionality available through the libwget library to be used, supports the HTTP/2 and TLS 1.3 protocols, can download only data that has changed, can save data from streaming servers, handles internationalized domain names correctly, and can re-encode downloaded content. Wget2 is licensed under GPLv3+, and the library is licensed under LGPLv3+.

The new release fixes two vulnerabilities:

  • CVE-2025-69194 — Lack of proper file path validation when processing content in the Metalink format, which is used to describe download links. By using the "../" sequence in file paths in the block, an attacker can create, erase or overwrite arbitrary files outside the base directory being downloaded to. For example, an attacker can overwrite the contents of ~/.ssh/authorized_keys or ~/.bashrc and execute their code on the system.
  • CVE-2025-69195 — A buffer overflow in the file name sanitization code in the get_local_filename_real() function may lead to code execution when processing specially crafted URLs on loaded pages, or when processing redirects. The problem occurs when the "--restrict-file-names=windows|unix|ascii" option is enabled, and is caused by allocating a fixed 1024-byte buffer without checking the actual size of the data being written.
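As an added illustration of the two bug classes above (this is not Wget2's code and not its actual fix), the following C example rejects Metalink-style file names that are absolute or contain a ".." component, and joins the name to the base directory in a fixed-size buffer only after checking that the result fits. The function names name_is_safe and build_target and the sample inputs are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Treat '\\' like '/' so that "..\\x" is caught as well. */
static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Hypothetical helper: 1 if name is relative and has no ".." component. */
int name_is_safe(const char *name)
{
    if (!name || !*name || is_sep(*name))
        return 0;                   /* empty or absolute path */
    const char *p = name;
    while (*p) {
        size_t len = 0;
        while (p[len] && !is_sep(p[len]))
            len++;
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;               /* parent-directory component */
        p += len;
        if (*p)
            p++;                    /* skip the separator */
    }
    return 1;
}

/* Hypothetical helper: joins base and name into out. Returns 0 on success,
 * -1 if the name is unsafe or the result does not fit in outsz bytes. */
int build_target(char *out, size_t outsz, const char *base, const char *name)
{
    if (!out || outsz == 0 || !base || !name_is_safe(name))
        return -1;
    int n = snprintf(out, outsz, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;                  /* output would have been truncated */
    return 0;
}

int main(void)
{
    char buf[64];
    const char *samples[] = {       /* constructed sample names */
        "iso/image.bin", "../.ssh/authorized_keys",
        "a/../../.bashrc", "/etc/passwd" };
    for (size_t i = 0; i < 4; i++)
        printf("%-26s -> %s\n", samples[i],
               build_target(buf, sizeof buf, "downloads", samples[i]) == 0 ? buf : "rejected");
    return 0;
}
```

A lexical check like this does not account for symbolic links that already exist under the base directory.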

Non-security changes include the addition of the "--show-progress" option to display download progress, the use of local time when the "--no-use-server-timestamps" option is specified, support for the 'no_' prefix in configuration parameters, and the use of libnghttp2 for HTTP/2 testing.

Source: opennet.ru
