Ruby 2.6.5, 2.5.7 and 2.4.8 updates with vulnerability fixes

Corrective releases of the Ruby programming language, 2.6.5, 2.5.7 and 2.4.8, have been published, fixing four vulnerabilities. The most dangerous vulnerability (CVE-2019-16255) is in the standard library Shell (lib/shell.rb) and allows code injection. If data received from the user is passed as the first argument of the Shell#[] or Shell#test methods, which are used to check for the existence of a file, an attacker can achieve a call to an arbitrary Ruby method.

Other issues:

  • CVE-2019-16254 - exposure of the built-in HTTP server WEBrick to an HTTP response splitting attack (if a program inserts unverified data into an HTTP response header, the header can be split by inserting a newline character);
  • CVE-2019-15845 - injection of a null character (\0) into file paths checked with the "File.fnmatch" and "File.fnmatch?" methods, which can be used to make the check trigger falsely;
  • CVE-2019-16201 - denial of service in WEBrick's Digest authentication module.
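
An application-side check for the response-splitting condition described for CVE-2019-16254, as an added example (not WEBrick's code or its patch). The serializer functions, the error class and the sample value are hypothetical and constructed for illustration.

```ruby
# Constructed sample: a value an application might copy from a request
# parameter into a response header without verifying it.
UNTRUSTED_LANG = "en\r\nX-Injected: 1"

# Raised when a header name or value carries a line-breaking character.
class HeaderInjectionError < ArgumentError; end

# Naive serializer: writes values as-is, so an embedded CR/LF
# terminates the current header and starts a new one.
def serialize_headers_unchecked(headers)
  headers.map { |name, value| "#{name}: #{value}\r\n" }.join
end

# Hardened serializer: refuses CR, LF and NUL in names and values
# instead of trying to strip or escape them.
def serialize_headers_checked(headers)
  headers.map do |name, value|
    [name, value].each do |part|
      if part.to_s.match?(/[\r\n\x00]/)
        raise HeaderInjectionError,
              "control character in header #{name.to_s.inspect[0, 40]}"
      end
    end
    "#{name}: #{value}\r\n"
  end.join
end

# Number of header lines a client would parse from the serialized block.
def header_line_count(raw)
  raw.split("\r\n").size
end

if __FILE__ == $PROGRAM_NAME
  headers = { "Content-Language" => UNTRUSTED_LANG }
  # One header was supplied, but the unchecked output contains two lines.
  puts "unchecked lines: #{header_line_count(serialize_headers_unchecked(headers))}"
  begin
    serialize_headers_checked(headers)
  rescue HeaderInjectionError => e
    puts "checked: rejected (#{e.message})"
  end
end
```

Rejecting the value outright keeps the behaviour the same regardless of which WEBrick version serves the response.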

Source: opennet.ru
