Vulnerability in zlib triggered when compressing specially crafted data

A vulnerability (CVE-2018-25032) has been identified in the zlib library that leads to a buffer overflow when an attempt is made to compress a specially crafted sequence of characters in the input data. In its current form, researchers have only demonstrated the ability to terminate the process abnormally. Whether the issue can have more serious consequences has not yet been studied.

The vulnerability has been present since zlib 1.2.2.2 and also affects the current release, zlib 1.2.11. Notably, a patch fixing the flaw was published back in 2018, but the developers did not pay attention to it and did not publish a corrected release (the zlib library was last updated in 2017). The fix has also not yet been included in the packages shipped by distributions. You can follow the publication of fixes by distributions on these pages: Debian, RHEL, Fedora, SUSE, Ubuntu, Arch Linux, OpenBSD, FreeBSD, NetBSD. The zlib-ng library is not affected by the problem.

The vulnerability manifests when the input contains a large number of matches to be packed and the data is compressed with fixed Huffman codes. Under certain conditions, the compressed output being written into the intermediate (pending) buffer can overwrite the memory in which the table of distance symbols is stored, because the two share one allocation. As a result, incorrectly compressed data is produced and the process crashes because of a write beyond the buffer boundary.

The vulnerability can only be exploited when the compression strategy based on fixed Huffman codes is used. This strategy is selected when the Z_FIXED option is explicitly enabled in the code (an example of a sequence that leads to the crash when the Z_FIXED option is used has been published). According to the code, the Z_FIXED strategy can also be selected automatically if the optimal (dynamic) trees and the static trees computed for the data have the same size; since the optimal size is first clamped to the static size, "the same size" means the static trees are no worse for that block.
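To make the overlay arithmetic behind the two paragraphs above concrete, here is a small C model. It is an added illustration, not code from zlib or from the original article. It reproduces the buffer layout from zlib's deflateInit2_() (lit_bufsize = 1 << (memLevel + 6); a pending buffer of 4 * lit_bufsize bytes; in the unpatched 1.2.11 layout the distance records start one quarter of the way in at 2 bytes per symbol, and in the patched layout a combined symbol buffer starts at the same offset at 3 bytes per symbol) and computes the fixed-code cost of one length/distance pair from RFC 1951. As simplifications it assumes that every symbol in a block costs the same number of bits, that output reaches the pending buffer a whole byte at a time, and it ignores the 3-bit block header and any bytes already pending from earlier output, all of which would only make the overrun happen sooner. The function names are mine.

```c
#include <stdio.h>

/*
 * Model of the zlib deflate pending_buf / symbol-buffer overlay (added
 * illustration, not zlib code). Sizes follow deflateInit2_():
 *   lit_bufsize   = 1 << (memLevel + 6)        (16384 for the default memLevel 8)
 *   pending_buf   = 4 * lit_bufsize bytes
 * zlib <= 1.2.11: d_buf (2 bytes per symbol) starts at byte lit_bufsize,
 *                 l_buf (1 byte per symbol) starts at byte 3 * lit_bufsize
 * patched layout: sym_buf (3 bytes per symbol) starts at byte lit_bufsize
 */

/* Bits needed for one length/distance pair with the fixed Huffman codes of
 * RFC 1951 (extra bits from section 3.2.5, code lengths from 3.2.6).
 * Returns -1 for values outside the deflate range. */
int fixed_pair_bits(int len, int dist)
{
    int lbits, lextra, dextra, d, lg;

    if (len < 3 || len > 258 || dist < 1 || dist > 32768) return -1;

    /* length codes 257..279 are 7 bits long, 280..287 are 8 bits long */
    if (len == 258)      { lbits = 8; lextra = 0; }   /* code 285 */
    else if (len >= 131) { lbits = 8; lextra = 5; }   /* codes 281..284 */
    else if (len >= 115) { lbits = 8; lextra = 4; }   /* code 280 */
    else if (len >= 67)  { lbits = 7; lextra = 4; }   /* codes 277..279 */
    else if (len >= 35)  { lbits = 7; lextra = 3; }
    else if (len >= 19)  { lbits = 7; lextra = 2; }
    else if (len >= 11)  { lbits = 7; lextra = 1; }
    else                 { lbits = 7; lextra = 0; }

    /* every fixed distance code is 5 bits; extra bits are 0 for distances
     * 1..4 and grow by one per doubling, up to 13 for 16385..32768 */
    for (d = dist - 1, lg = 0; d > 1; d >>= 1) lg++;
    dextra = dist <= 4 ? 0 : lg - 1;

    return lbits + lextra + 5 + dextra;
}

/* Walk one block flush: output bits are appended to pending_buf from offset
 * 0 (whole bytes only), while symbol k is read from byte
 * lit_bufsize + sym_bytes * k. Returns the first k whose record has already
 * been overwritten when it is read, or -1 if the block flushes cleanly. */
long first_overrun(long lit_bufsize, long nsyms, int bits_per_sym, int sym_bytes)
{
    long bits = 0, k;

    for (k = 0; k < nsyms; k++) {
        long written = bits / 8;                  /* bytes already in pending_buf */
        long slot = lit_bufsize + sym_bytes * k;  /* start of symbol k's record */
        if (written > slot) return k;
        bits += bits_per_sym;
    }
    return -1;
}

int main(void)
{
    long lit_bufsize = 1L << (8 + 6);         /* default memLevel 8 */
    long nsyms = lit_bufsize - 1;             /* a block is flushed when the buffer fills */
    int worst = fixed_pair_bits(131, 16385);  /* 8+5 length bits, 5+13 distance bits */

    printf("worst-case fixed-code pair: %d bits\n", worst);
    printf("1.2.11 overlay, worst-case pairs: first overrun at symbol %ld\n",
           first_overrun(lit_bufsize, nsyms, worst, 2));
    printf("1.2.11 overlay at the assumed 24-bit average: %ld (no overrun)\n",
           first_overrun(lit_bufsize, nsyms, 24, 2));
    printf("patched overlay, worst-case pairs: first overrun at symbol %ld (none)\n",
           first_overrun(lit_bufsize, nsyms, worst, 3));
    return 0;
}
```

The old layout was sized on the assumption that a length/distance pair averages at most 24 bits of output, which holds as long as the dynamic trees (or a stored block) are chosen for poorly compressible data; forcing fixed codes lets a block of long, distant matches cost 31 bits per pair, and the model shows the writer catching up with the distance records about halfway through a full block. The patched layout consumes 3 bytes of overlay per symbol, so 4 bytes of pending space are freed for every 3 bytes of symbol record and 31-bit pairs can no longer catch up.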

It is not yet clear whether the conditions for exploiting the vulnerability can be reached with the default Z_DEFAULT_STRATEGY compression strategy. If not, the vulnerability will be limited to specific systems that explicitly use the Z_FIXED option. If so, the damage caused by the vulnerability could be very significant, since zlib is the de facto standard and is used in many popular projects, including the Linux kernel, OpenSSH, OpenSSL, Apache httpd, libpng, FFmpeg, rsync, dpkg, rpm, Git, PostgreSQL, MySQL, etc.

Source: opennet.ru
