Vulnerabilities have been identified in the Libarchive library, which provides functions for working with a variety of archive and compressed file formats. They lead to buffer overflows when processing specially crafted archives in the RAR format. The vulnerabilities are in the execute_filter_audio (CVE-2024-48957) and execute_filter_delta (CVE-2024-48958) functions and are caused by a missing check that the "src" block may overlap the "dst" block in corrupted archives.
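The kind of check described above, as an added illustration in C. This is not libarchive's code: the work-buffer layout, the function names `delta_args_ok` and `delta_decode`, and their parameters are assumptions chosen to show a delta filter that treats archive-supplied parameters as corrupt when the src block would run into dst.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout (not libarchive's structures): the filter reads encoded
 * bytes from work[0 .. length) ("src") and writes decoded bytes to
 * work[dst_off .. dst_off + length) ("dst"). length, dst_off and channels
 * all come from the untrusted archive. */

/* Returns 1 if both blocks fit in the buffer and cannot overlap. */
static int delta_args_ok(size_t work_size, size_t dst_off,
                         size_t length, size_t channels)
{
    if (channels == 0 || channels > length)
        return 0;               /* also rejects length == 0 */
    if (length > work_size || dst_off > work_size - length)
        return 0;               /* dst would run past the buffer */
    if (dst_off < length)
        return 0;               /* src would run into dst: corrupt archive */
    return 1;
}

/* Delta decode: channels are interleaved in dst, and each output byte is
 * the previous byte of its channel minus the next src byte.
 * Returns 1 on success, 0 if the parameters describe a broken archive. */
static int delta_decode(uint8_t *work, size_t work_size, size_t dst_off,
                        size_t length, size_t channels)
{
    if (!delta_args_ok(work_size, dst_off, length, channels))
        return 0;

    const uint8_t *src = work;
    uint8_t *dst = work + dst_off;
    for (size_t ch = 0; ch < channels; ch++) {
        uint8_t last = 0;
        for (size_t idx = ch; idx < length; idx += channels)
            last = dst[idx] = (uint8_t)(last - *src++);
    }
    return 1;
}
```
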
The vulnerabilities are fixed in Libarchive 3.7.5, which also corrects more than a dozen other bugs leading to buffer overflows, access to already freed memory, or integer overflows when handling files in the cpio, lzop, rpm, zip, uu and rar formats. These fixes are marked as security issues but were not assigned separate CVE identifiers. It has not yet been established whether these issues can be exploited to achieve code execution when processing specially crafted files.
Libarchive is used as a dependency in many popular packages, for example smbclient, flatpak, appstream, libappimage, dpdk, cmake, rpm, nix, pacman, elfutils, unrar, claws-mail, ark, epiphany, evince, vagrant, vlc, mpv, gvfs, fwupd, systemd (optional) and file-roller (the archive manager in GNOME). You can track the availability of updates in distributions on these pages: Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch, FreeBSD.
Source: opennet.ru
