Ubuthathaka (CVE-2026-4747) bulungisiwe kwiFreeBSD. Olu buthathaka luvumela ukwenziwa kwekhowudi yenqanaba le-kernel ngokuthumela iipakethi zenethiwekhi kwiseva ye-NFS. Ingxaki iyenzeka xa kusetyenziswa imodyuli ye-kgssapi.ko, esebenzisa i-RPCSEC_GSS API kwi-kernel. Ukongeza kwi-kernel, ubuthathaka buchaphazela usetyenziso lwesithuba somsebenzisi olusebenzisa ilayibrari ye-librpcgss_sec kwaye lwenza imisebenzi yeseva ye-RPC. Ezo zicelo, ezingeyonxalenye yenkqubo yesiseko seFreeBSD, zinokuhlaselwa ngokuthumela iipakethi zenethiwekhi.
Ingxaki ikhona ekusetyenzisweni kwe-GSS (Generic Security Services) API, evumela ukusekwa kweendlela zonxibelelwano ezikhuselekileyo neziqinisekisiweyo umncedisiI-RPCSEC_GSS isetyenziswa kwiiseva ze-NFS ukukhusela ukufikelela kwi-Sun RPC kusetyenziswa uqinisekiso olusekelwe kwiKerberos kunye nethrafikhi efihliweyo phakathi kweseva kunye nomthengi. Ingxaki ibangelwa yidatha yepakethi ekopishwa kwi-buffer esisigxina ngexesha lokuqinisekiswa kwesiginitsha ngaphandle kokuqinisekiswa kobungakanani obufanelekileyo. Impazamo yenzeka ngaphambi kokuqinisekiswa kodwa ifuna amandla okuthumela iipakethi zenethiwekhi kwiseva ye-NFS. Kukho i-exploit evumela ukuphunyezwa okukude kwe-/bin/sh kunye namalungelo eengcambu.
Olu buthathaka lufunyenwe ngumsebenzi we-Anthropic esebenzisa umncedisi we-Claude AI. Okuphawulekayo kukuba, abaphandi beqela lesithathu kwiqela leCalif basebenzise uClaude ukubhala i-working exploit, besebenzisa kuphela ingxelo yobuthathaka ngokubanzi epapashwe yiprojekthi ye-FreeBSD njengolwazi. Ukongeza ekusebenziseni ngokuthe ngqo ubuthathaka, imodeli ye-AI ithumele umatshini obonakalayo onoqwalaselo olubuthathaka, yaseka i-remote debugging kunye ne-kernel crash dump reading, kwaye yasebenzisa ne-/bin/sh ngaphakathi kwe-exploit emva kokufezekisa ukuphunyezwa kwekhowudi yenqanaba le-kernel. I-exploit ithathe iiyure ezine zexesha likaClaude ukuyidala.
Abaphandi abenze olu qhankqalazo baqhubeka novavanyo lwabo, besebenzisa uClaude ukuchonga ubuthathaka kwiVim nakwiEmacs obunokuvumela ukuphunyezwa kwekhowudi xa kuvulwa iifayile ezenziwe ngokukodwa kwaba bahleli. Okumangalisayo kukuba, iziphakamiso zemodeli ziqokelele kwingxelo elula yengxaki, efana "nokufumana ubuthathaka obungenalo usuku kwiVim obenzeka xa kuvulwa ifayile." Ekugqibeleni, imodeli kaClaude yaphumelela ukufumanisa ubuthathaka obungaziwa ngaphambili.
Ubuthathaka kwiVim (CVE-2026-34714) bubangelwa yimpazamo ekuphathweni kokhetho lwe-tabpanel kwimo yemodeli engagqibekanga (":set modeline"), evumela ukucacisa ukhetho lokuhlela kwifayile ecutshungulwayo. Njengoko kuyilwe ngabaphuhlisi beVim, i-modeline ivumela kuphela inani elilinganiselweyo leenketho ukuba zisetwe, kwaye iintetho kwezi ndlela zenziwa kwimo yesanti, evumela kuphela imisebenzi elula nekhuselekileyo.
Ukhetho lwe-tabpanel aluzange lube neflegi ye-P_MLE, nto leyo evumela ukuba i-%{expr} ibonakaliswe ngaphandle kokusebenzisa imo ye-modelineexpr. Ukuze kudlule i-sandbox isolation, kukho isiphene kumsebenzi we-autocmd_add(). Lo msebenzi wawungenazo iitshekhi ezifanelekileyo zokhuseleko xa ubopha isenzo kwisiganeko se-SafeStateAgain, nto leyo evumela ukuba umyalelo uphunyezwe emva kokuphuma kwi-sandbox isolation. Ubuthathaka bulungisiwe kwi-Vim v9.2.0272. Umzekelo womgca osebenzisa i-"id" utility kwaye uqondise imveliso kwifayile "/tmp/calif-vim-rce-poc": /* vim: set showtabpanel=2 tabpanel=%{%autocmd_add([{'event'\:'SafeStateAgain','pattern'\:'*','cmd'\:'!id>/tmp/calif-vim-rce-poc','once'\:1}])%}: */
Ubuthathaka kwi-Emacs bubangelwa kukucutshungulwa ngokuzenzekelayo komxholo we-.git/ directory xa ikwi-directory efanayo nefayile evulwayo. Kule meko, xa uvula ifayile, i-Emacs isebenzisa imiyalelo ethi "git ls-files" kunye ne "git status," eyenziwe kumxholo we-".git/." Ukuze usebenzise ikhowudi, vula nje ifayile kwi-Emacs kwi-directory equlethe i-.git/ subdirectory enefayile yoqwalaselo lwe-"config" equka ukhetho lwe-"core.fsmonitor" kunye nomyalelo ochaziweyo womhlaseli wokuqhuba. Abagcini be-GNU Emacs bala ukulungisa ubuthathaka, becaphula umba othile we-Git.
Ukongeza, ezinye iingxaki ezimbini zingabonwa:
- I-CVE-2026-33150 - Ubuthathaka bokusetyenziswa emva kokungasebenzisi kwi-io_uring handler yelayibrari ye-libfuse bunokuvumela ukuphunyezwa kwekhowudi xa kuphelelwa zizixhobo ezikhoyo xa usebenza neenkqubo zefayile eziphunyezwe nge-FUSE (Filesystem in Userspace).
- I-CVE-2026-34743 — I-buffer iphuphuma kakhulu ekuphunyezweni komsebenzi we-lzma_index_append() kwilayibrari ye-liblzma. Le ngxaki iyabonakala xa kusetyenziswa umsebenzi we-lzma_index_decoder() ukucacisa isalathisi esingenazo ii-entries, nto leyo ebangela ukuba kwabelwe i-buffer encinci kunokuba kuyimfuneko. Kuyaphawuleka ukuba i-lzma_index* API ekumgangatho ophantsi ayisetyenziswa rhoqo kwizicelo, kwaye akunakwenzeka ukuba izicelo ezihlangabezana neemeko ezifunekayo zokuphathwa kwesalathisi zisetyenziswe kakubi. Ubuthathaka bumiselwe kwi-XZ Utils 5.8.3.
umthombo: opennet.ru
