Kwiiveki ezimbini emva koko umba obalulekileyo odlulileyo kwi I-4 ngakumbi ubuthathaka obufanayo (CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817), evumela ngokudala ikhonkco ".forceput" ukudlula "-dSAFER" imo yokwahlula . Xa kusetyenzwa amaxwebhu ayilwe ngokukodwa, umhlaseli angafumana ufikelelo kwimixholo yenkqubo yefayile kwaye aphumeze ikhowudi engafanelekanga kwisixokelelwano (umzekelo, ngokongeza imiyalelo ku ~/.bashrc okanye ~/.profile). Ulungiso luyafumaneka njengamaphetshana (, ). Ungalandelela ukufumaneka kohlaziyo lwephakheji kunikezelo kula maphepha: , , , , , , , .
Masikukhumbuze ukuba ubuthathaka kwi-Ghostscript kubangela ingozi eyongeziweyo, kuba le phakheji isetyenziswa kwizicelo ezininzi ezidumileyo zokusetyenzwa kwePostScript kunye neefomathi zePDF. Umzekelo, i-Ghostscript ibizwa ngexesha lokudalwa kwe-thumbnail ye-desktop, isalathisi sedatha yangasemva, kunye nokuguqulwa komfanekiso. Kuhlaselo oluyimpumelelo, kwiimeko ezininzi kwanele ukukhuphela ngokulula ifayile nge-exploit okanye ukukhangela ulawulo ngayo kwiNautilus. Ubuthathaka kwi-Ghostscript bunokuxhatshazwa ngabaqhubekekisi bemifanekiso esekwe kwi-ImageMagick kunye neepakethe ze-GraphicsMagick ngokugqithisela iJPEG okanye ifayile ye-PNG equlathe ikhowudi ye-PostScript endaweni yomfanekiso (ifayile elolo hlobo iya kucutshungulwa kwi-Ghostscript, ekubeni udidi lwe-MIME lubonwa yi umxholo, kwaye ngaphandle kokuxhomekeka ekwandisweni).
umthombo: opennet.ru