Kufunyenwe ubuthathaka kubaphathi beepakeji zeNix kunye neLix obuvumela ukwenziwa kwekhowudi ngamalungelo enkqubo yangasemva, esebenza phantsi komsebenzisi oyintloko kwiNixOS kunye nokufakwa kwabasebenzisi abaninzi. Le ngxaki (i-CVE ayinikwanga) ichaphazela inkqubo yangasemva ye-nix-daemon, esetyenziselwa ukubonelela abasebenzisi abangenamalungelo ngokufikelela kwimisebenzi yokwakha kunye nendawo yokugcina iipakeji.
Ubuthathaka buvela kukungabikho kwemida ekucutshungulweni kwe-recursive directory kwikhowudi yokuhlaziya ye-NAR (Nix Archive). Oku kungasetyenziswa ukuze kubangele ukudinwa kwe-coroutine stack kwaye kubhalwe ngaphezulu umxholo we-heap ebekwe emva kwe-stack ngaphandle kwamaphepha okulinda. Le ngxaki ingasetyenziswa nangubani na umsebenzisi onokukwazi ukuseka uqhagamshelo kwi-nix-daemon. Ngokuzenzekelayo, bonke abasebenzisi banalo olu buchule, olubavumela ukuba baphakamise amalungelo abo kumsebenzisi weengcambu kwii-installations ze-Nix zabasebenzisi abaninzi.
Le ngxaki isonjululwe ngokunciphisa inqanaba lokuphinda-phinda kwiidirectory ezingama-64 ezifakwe ngaphakathi, ukongeza amaphepha okulinda phakathi kwe-stack kunye ne-heap, kunye nokuphumeza ukujonga okongeziweyo kweekhonkco ezifanekisayo kwi-NAR. Kwi-Nix, ubuthathaka buvela kuqala ngenguqulelo 2.24.4 kwaye bulungisiwe kwii-releases 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, kunye ne-2.28.7. Kwi-Lix, ubuthathaka buvele kwi-release 2.93.0 kwaye bulungisiwe kwii-updates 2.93.4, 2.94.2, kunye ne-2.95.2. Umphathi wephakheji ye-Guix akachaphazeleki bubuthathaka.
Ukongeza, uhlaziyo lweNix olupapashiweyo lulungisa olunye ubuthathaka (akukho CVE) olulinganiswe kwinqanaba eliphakathi lobunzima (4.3 kwi-10). Le ngxaki ibikho ukususela kwiNix 2.24.7 kwaye ivumela iifayile ukuba zibhalwe kwindawo engaphandle kwesikhokelo seengcambu apho ii-archives zifakwa khona. Ubuthathaka busetyenziswa ngokudala izinto ezineendlela zefayile ezipheleleyo kwiifayile ze-tar. Xa ukhupha ezo nkcukacha ngomyalelo othi "nix-prefetch-url --unpack" okanye "nix store prefetch-file --unpack", iifayile ezineendlela ezipheleleyo zikhutshwa njengoko zinjalo, ngaphandle kokuziguqula zibe ziindlela ezihambelanayo.
umthombo: opennet.ru
