Vulnerability in SQLite that allows remote attacks on Chrome through WebSQL

Security researchers from the Chinese company Tencent have presented a new variant of the Magellan vulnerability (CVE-2019-13734), which makes it possible to achieve code execution when specially crafted SQL constructs are processed in the SQLite DBMS. A similar vulnerability was published by the same researchers last year. The vulnerability is notable because it allows a remote attack on the Chrome browser and gives control over the user's system when the user opens web pages controlled by the attacker.

The attack on Chrome/Chromium is carried out through the WebSQL API, whose handler is based on SQLite code. An attack on other applications is possible only if they allow SQL constructs that come from outside to be passed to SQLite, for example, if they use SQLite as a data exchange format. Firefox is not vulnerable, because Mozilla declined to implement WebSQL in favor of the IndexedDB API.

Google fixed the problem in the Chrome 79 release. In the SQLite codebase the problem was fixed on November 17, and in the Chromium codebase on November 21.
The problem is present in the code of the FTS3 full-text search engine, and through manipulation of shadow tables (a special kind of writable virtual table) it can lead to index corruption and a buffer overflow. Detailed information about the exploitation techniques will be published after 90 days.

A new SQLite release containing the fix has not yet been produced (it is expected on December 31). As a protective workaround, starting with SQLite 3.26.0 the SQLITE_DBCONFIG_DEFENSIVE mode can be used; it prohibits writes to shadow tables and is recommended to be enabled when external SQL queries are processed in SQLite. In distributions, the vulnerability in the SQLite library remains unfixed in Debian, Ubuntu, RHEL, openSUSE / SUSE, Arch Linux, Fedora and FreeBSD. Chromium has already been updated in all distributions and is not affected by the vulnerability, but the problem may affect various third-party browsers and applications that use the Chromium engine, as well as Android applications based on Webview.
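The SQLITE_DBCONFIG_DEFENSIVE workaround described above, as an added example that is not part of the original article: it enables the flag on a connection and checks that a direct write to an FTS3 shadow table is refused. It assumes Python 3.12 or later (for `Connection.setconfig`) and an SQLite build with FTS3; the table name `docs` and its row are constructed for the example.

```python
import sqlite3


def shadow_write_allowed(defensive):
    """Try a direct write to an FTS3 shadow table.

    Returns True if SQLite accepted the write, False if it refused it,
    and None if this Python/SQLite build cannot run the check.
    """
    # Connection.setconfig and the DEFENSIVE constant need Python 3.12+
    # linked against SQLite 3.26.0 or later.
    if not (hasattr(sqlite3.Connection, "setconfig")
            and hasattr(sqlite3, "SQLITE_DBCONFIG_DEFENSIVE")):
        return None

    conn = sqlite3.connect(":memory:")
    try:
        try:
            # Creating an FTS3 table also creates its shadow tables
            # (docs_content, docs_segments, docs_segdir).
            conn.execute("CREATE VIRTUAL TABLE docs USING fts3(body)")
        except sqlite3.OperationalError:
            return None  # FTS3 is not compiled into this SQLite build

        # Set the flag before any externally supplied SQL is processed.
        conn.setconfig(sqlite3.SQLITE_DBCONFIG_DEFENSIVE, defensive)

        # Writes through the virtual table itself keep working in
        # defensive mode; only direct shadow-table writes are refused.
        conn.execute("INSERT INTO docs(body) VALUES ('constructed sample row')")

        try:
            # A no-op UPDATE is enough: the read-only check happens when
            # the statement is compiled, before any row is touched.
            conn.execute("UPDATE docs_content SET docid = docid")
            return True
        except sqlite3.Error:
            return False
    finally:
        conn.close()


if __name__ == "__main__":
    print("defensive off, shadow write allowed:", shadow_write_allowed(False))
    print("defensive on,  shadow write allowed:", shadow_write_allowed(True))
```

In C the same flag is set with `sqlite3_db_config(db, SQLITE_DBCONFIG_DEFENSIVE, 1, 0)` directly after the connection is opened.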

In addition, 4 very dangerous issues have also been identified in SQLite (CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753), which can lead to information leaks and bypassing of restrictions (they can be used as contributing factors in an attack on Chrome). These issues were fixed in the SQLite code on December 13. Taken together, the issues allowed the researchers to prepare a working exploit that allows code to be executed in the context of the Chromium process responsible for rendering.

Source: opennet.ru
