Iinguqulelo zokusasazwa kwe-OpenWrt zikhutshiwe 18.06.7 ΠΈ 19.07.1, apho ilungiswa khona ukuba sesichengeni I-CVE-2020-7982 kumphathi wephakheji ye-opkg, enokusetyenziswa ukwenza uhlaselo lwe-MITM kunye nokubuyisela imixholo yephakheji ekhutshelwe kwindawo yokugcina. Ngenxa yempazamo kwikhowudi yokuqinisekisa ye-checksum, umhlaseli unokungahoyi i-SHA-256 checksums esuka kwipakethi, eyenze ukuba kube lula ukudlula iindlela zokukhangela imfezeko yezixhobo ze-ipk ezikhutshelweyo.
Ingxaki ikhona ukususela ngoFebruwari 2017, emva kokuba ikhowudi yongezwa ukungazinaki iindawo ezihamba phambili phambi kwe-checksum. Ngenxa yempazamo xa utsiba izithuba, isalathisi kwindawo emgceni asizange sitshintshe kwaye i-SHA-256 yehexadecimal decoding loop yolandelelwano lwe-hexadecimal ngoko nangoko ibuyise ulawulo kwaye ibuyise itshekhi yobude obunguziro.
Ngenxa yokuba umphathi wepakethe ye-opkg yaqaliswa njengengcambu, umhlaseli unokutshintsha imixholo kwiphakheji ye-ipk ngexesha lohlaselo lwe-MITM, ekhutshelwe kwindawo yokugcina ngelixa umsebenzisi wayesenza umyalelo "wokufaka i-opkg", kwaye alungiselele ikhowudi yakhe. iza kuphunyezwa ngengcambu yamalungelo ngokongeza eyakho imibhalo yesibambi kwimpahla, ebizwa ngexesha lofakelo. Ukusebenzisa ubuthathaka, umhlaseli kufuneka angcolise isalathiso sempahla (umzekelo, kwi downloads.openwrt.org). Ubungakanani bepakethe elungisiweyo kufuneka ihambelane neyoqobo evela kwisalathiso.
Iinguqulelo ezintsha zikwasusa enye enye ukuba sesichengeni kwilayibrari ye-libubox, enokukhokelela ekuphuphumeni kwesikhuseli xa kusetyenzwa ngokukhethekileyo okulandelanayo kokubini okanye idata ye-JSON kumsebenzi weblobmsg_format_json.
umthombo: linux.org.ru