Vulnerability in zlib that manifests when compressing specially crafted data

A vulnerability (CVE-2018-25032) has been identified in the zlib library that leads to a buffer overflow when attempting to compress a specially prepared sequence of characters in the incoming data. In its current form, researchers have demonstrated the ability to make a process terminate abnormally. Whether the problem can have more serious consequences has not yet been studied.

The vulnerability has been present since zlib version 1.2.2.2 and also affects the zlib 1.2.11 release. It is notable that a patch fixing the vulnerability was prepared back in 2018, but the developers paid no attention to it and did not publish a corrective release (the zlib library was last updated in 2017). The fix is also not yet included in the packages shipped by distributions. You can track the publication of fixes by distributions on these pages: Debian, RHEL, Fedora, SUSE, Ubuntu, Arch Linux, OpenBSD, FreeBSD, NetBSD. The zlib-ng library is not affected by the problem.

The vulnerability manifests itself when the input contains a large number of matches to be packed and packing is applied using fixed Huffman codes. Under certain circumstances, the contents of the intermediate buffer in which the compressed result is placed can overlap the memory in which the symbol table is stored. As a result, incorrect compressed data is produced and a crash occurs because of a write outside the buffer boundary.

The vulnerability can be exploited when a compression strategy based on fixed Huffman codes is used. Such a strategy is selected when the Z_FIXED option is explicitly enabled in the code (an example of a sequence that leads to a crash when the Z_FIXED option is used). Judging by the code, the Z_FIXED strategy can also be selected automatically if the optimal and static trees computed for the data have the same size.

It is not yet clear whether the conditions for exploiting the vulnerability can be reached with the default compression strategy, Z_DEFAULT_STRATEGY. If not, the vulnerability will be limited to certain systems that explicitly use the Z_FIXED option. If so, the damage from the vulnerability could be very significant, since the zlib library is a de facto standard and is used in many popular projects, including the Linux kernel, OpenSSH, OpenSSL, apache httpd, libpng, FFmpeg, rsync, dpkg, rpm, Git, PostgreSQL, MySQL, etc.
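As a triage aid for the two conditions described above (a zlib version in the affected range and explicit use of Z_FIXED), the following is an added example, not code from the article or from zlib. The function names and the sample C source are hypothetical, and the version bounds are the ones the article states.

```python
import re
import zlib

# Range stated in the article: present since 1.2.2.2, 1.2.11 still affected.
AFFECTED_FIRST, AFFECTED_LAST = (1, 2, 2, 2), (1, 2, 11, 0)
# zlib calls that take an explicit strategy argument.
STRATEGY_CALL = re.compile(r"\b(deflateInit2|deflateParams)\s*\(")
# Constructed sample input, not taken from any real project.
SAMPLE_SOURCE = '''\
#include <zlib.h>
int pack(z_stream *s) {
    if (deflateInit2(s, 6, Z_DEFLATED, 15, 8,
                     Z_FIXED) != Z_OK) return -1;
    return deflateParams(s, 9, Z_DEFAULT_STRATEGY);
}
'''

def parse_version(text):
    """Turn '1.2.11' or '1.2.2.2' into a comparable 4-tuple of ints."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised zlib version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def version_in_affected_range(text):
    # Assumption: zlib-ng builds identify themselves in the version string.
    if "zlib-ng" in text:
        return False  # the article states zlib-ng is not affected
    return AFFECTED_FIRST <= parse_version(text) <= AFFECTED_LAST

def explicit_z_fixed_calls(c_source):
    """Return (function, line) for each call whose arguments name Z_FIXED."""
    hits = []
    for m in STRATEGY_CALL.finditer(c_source):
        depth, i = 1, m.end()
        while i < len(c_source) and depth:  # walk to the matching ')'
            depth += {"(": 1, ")": -1}.get(c_source[i], 0)
            i += 1
        if re.search(r"\bZ_FIXED\b", c_source[m.end():i - 1]):
            hits.append((m.group(1), c_source.count("\n", 0, m.start()) + 1))
    return hits

def assess(version_text, c_source):
    in_range = version_in_affected_range(version_text)
    calls = explicit_z_fixed_calls(c_source)
    return {"in_affected_range": in_range, "explicit_z_fixed": calls,
            "review_first": in_range and bool(calls)}

if __name__ == "__main__":
    print(assess(zlib.ZLIB_RUNTIME_VERSION, SAMPLE_SOURCE))
```

A version string alone cannot show whether a distribution has backported the patch, so treat an in-range result as a prompt to check the distribution's advisory. An empty hit list does not clear a code base either: the strategy may be passed through a variable, and the article notes that Z_FIXED may also be selected automatically.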

Source: opennet.ru
