A vulnerability (CVE-2018-25032) has been identified in the zlib library that leads to a buffer overflow when the library tries to compress a specially prepared sequence of characters in the incoming data. In its current form, researchers have demonstrated the ability to cause a process to crash. Whether the problem can have more serious consequences has not yet been studied.
The vulnerability appears starting with zlib version 1.2.2.2 and affects the current zlib release, 1.2.11. It is worth noting that a patch fixing the vulnerability was proposed back in 2018, but the developers ignored it and have not yet published a corrective release (the zlib library was last updated in 2017). The fix has also not yet been included in distribution packages. You can track the publication of fixes by distribution on the following pages: Debian, RHEL, Fedora, SUSE, Ubuntu, Arch Linux, OpenBSD, FreeBSD, NetBSD. The zlib-ng library is not affected by this problem.
The vulnerability manifests itself if the input stream contains a large number of matches to be packed, and the packing is based on fixed Huffman codes. Under certain conditions, the contents of the intermediate buffer in which the compressed result is placed can overlap with the memory in which the symbol frequency table is stored. As a result, incorrect compressed data is generated and a crash is observed because of a write beyond the buffer boundary.
The vulnerability can only be exploited when a compression strategy based on fixed Huffman codes is used. Such a strategy is selected when the Z_FIXED option is explicitly enabled in the code (an example of a sequence that leads to a crash when the Z_FIXED option is used). Judging by the code, the Z_FIXED strategy can also be selected automatically if the optimal and static trees computed for the data have the same size.
It is not yet clear whether the vulnerability can be exploited with the default compression strategy, Z_DEFAULT_STRATEGY. If not, the vulnerability will be limited to certain systems that explicitly use the Z_FIXED option. If so, the damage from the vulnerability could be very significant, since the zlib library is a de facto standard and is used in many popular projects, including the Linux kernel, OpenSSH, OpenSSL, apache httpd, libpng, FFmpeg, rsync, dpkg, rpm, Git, PostgreSQL, MySQL, etc.
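As an added example (not from the original article or the zlib project), a Python audit sketch for the two conditions described above: a zlib version inside the range the article gives, and C code that explicitly passes Z_FIXED as the strategy to deflateInit2 or deflateParams. The sample source is constructed, and the scan does not cover the case where the static trees are selected automatically.

```python
import re

# Affected range as stated in the article: zlib 1.2.2.2 through 1.2.11.
FIRST_AFFECTED, LAST_AFFECTED = (1, 2, 2, 2), (1, 2, 11, 0)

def parse_version(text):
    """'1.2.11' or '1.2.11.dfsg-2' -> (1, 2, 11, 0); fields compare as integers."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"not a zlib version: {text!r}")
    parts = [int(p) for p in m.group(0).split(".")][:4]
    return tuple(parts + [0] * (4 - len(parts)))

def in_affected_range(version):
    # Distributions may backport the patch without a version change: a hit means "check the changelog".
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED

def call_args(src, open_idx):  # split the arguments of the call whose '(' is at open_idx
    depth, start, args = 0, open_idx + 1, []
    for i in range(open_idx, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return args + [src[start:i].strip()]
        elif src[i] == "," and depth == 1:
            args.append(src[start:i].strip())
            start = i + 1
    return []  # unbalanced call, nothing to report

def find_fixed_strategy(src):
    """Return (line, function) for deflate calls whose strategy argument is Z_FIXED."""
    # Blank out C comments but keep newlines so line numbers stay correct.
    src = re.sub(r"/\*.*?\*/|//[^\n]*", lambda m: "\n" * m.group(0).count("\n"), src, flags=re.S)
    hits = []
    for m in re.finditer(r"\b(deflateInit2|deflateParams)\s*\(", src):
        args = call_args(src, m.end() - 1)  # strategy is the last argument of both
        if args and re.search(r"\bZ_FIXED\b", args[-1]):
            hits.append((src.count("\n", 0, m.start()) + 1, m.group(1)))
    return hits

# Constructed sample C source, not taken from any real project.
SAMPLE = """\
/* deflateInit2(&s, 9, Z_DEFLATED, 15, 8, Z_FIXED); old code */
if (deflateInit2(&s, level(), Z_DEFLATED, 15, 8, Z_FIXED) != Z_OK) return -1;
deflateInit2(&t, 6, Z_DEFLATED, 15, 8, Z_DEFAULT_STRATEGY);
deflateParams(&t, 6, Z_FIXED);
"""
```

Versions are compared field by field as integers because a plain string comparison would sort "1.2.11" before "1.2.2.2" and miss the current release.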
Source: opennet.ru
