Vulnerability in Nix and Lix that allows privilege escalation

A vulnerability has been found in the Nix and Lix package managers that allows code execution with the privileges of the background process, which runs as the root user on NixOS and in multi-user installations. The issue (no CVE has been assigned) affects the nix-daemon background process, which is used to give unprivileged users access to build operations and the package store.

The vulnerability is caused by the lack of a limit on the processing of recursively nested directories in the NAR (Nix Archive) parsing code. This can be used to exhaust the coroutine stack and overwrite the contents of the heap located after the stack, with no guard pages in between. The issue can be exploited by any user who is able to establish a connection to nix-daemon. By default, all users have this ability, which allows them to escalate their privileges to the root user in multi-user Nix installations.

The issue was fixed by limiting the recursion depth to 64 nested directories, adding guard pages between the stack and the heap, and adding extra checks for symbolic links in NAR. In Nix, the vulnerability appears starting with version 2.24.4 and was fixed in releases 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7. In Lix, the vulnerability appears in release 2.93.0 and was fixed in updates 2.93.4, 2.94.2, and 2.95.2. The Guix package manager is not affected by the vulnerability.
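The depth limit described above can be illustrated with a small NAR walker that tracks nesting with an explicit counter instead of recursion and rejects archives past 64 levels. This is an added example, not code from Nix or Lix: `nested_dirs` and `max_dir_depth` are hypothetical names, the sample archive is constructed, and counting the top-level directory as depth 1 is an assumption.

```python
def _tok(s: bytes) -> bytes:  # NAR string: u64 LE length, data, zero-pad to 8
    return len(s).to_bytes(8, "little") + s + bytes(-len(s) % 8)

def nested_dirs(depth: int) -> bytes:
    """Constructed sample: `depth` nested directories around one empty file."""
    leaf = [b"(", b"type", b"regular", b"contents", b"", b")"]
    head = [b"(", b"type", b"directory", b"entry", b"(", b"name", b"d", b"node"]
    toks = [b"nix-archive-1"] + head * depth + leaf + [b")", b")"] * depth
    return b"".join(map(_tok, toks))

def max_dir_depth(nar: bytes, limit: int = 64) -> int:
    """Walk a NAR with an explicit depth counter (no recursion); raise past limit."""
    pos = depth = deepest = 0
    def read() -> bytes:
        nonlocal pos
        n = int.from_bytes(nar[pos:pos + 8], "little")
        start, pos = pos + 8, pos + 8 + n + (-n % 8)
        if start + n > len(nar):
            raise ValueError("truncated NAR")
        return nar[start:start + n]
    def expect(*want):
        for w in want:
            if read() != w and w is not None:  # None accepts any string
                raise ValueError(f"malformed NAR, expected {w!r}")
    expect(b"nix-archive-1")
    while True:
        expect(b"(", b"type")  # a node starts here
        kind = read()
        if kind == b"directory":
            depth += 1
            if depth > limit:
                raise ValueError(f"directory nesting exceeds {limit}")
            deepest = max(deepest, depth)
        elif kind in (b"regular", b"symlink"):
            while read() != b")":  # leaf fields are key, value pairs
                read()  # value (file contents, link target) is skipped
            if depth == 0:
                return deepest
            expect(b")")  # closes the enclosing entry
        else:
            raise ValueError(f"unknown node type {kind!r}")
        while (tok := read()) != b"entry":  # close finished directories
            if tok != b")":
                raise ValueError("malformed directory body")
            depth -= 1
            if depth == 0:
                return deepest
            expect(b")")  # closes the enclosing entry
        expect(b"(", b"name", None, b"node")
```

The walker checks only structure and nesting depth; it does not validate entry names, ordering, or symlink targets.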

In addition, the published Nix updates fix another vulnerability (no CVE) with a medium severity rating (4.3 out of 10). The issue has been present since Nix 2.24.7 and allows files to be written to a location outside the root directory into which archives are unpacked. The vulnerability is exploited by creating entries with absolute file paths in tar archives. When such archives are unpacked with the "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" command, files with absolute paths are extracted as they are, without being converted to relative paths.

Source: opennet.ru
