Ukukhishwa okulungile kolimi lohlelo lweRuby kwenziwe , ΠΈ , elungise ubungozi obune. Ukuba sengozini okuyingozi kakhulu (CVE-2019-16255) kulabhulali ejwayelekile (lib/shell.rb), okuthi ukwenza ikhodi esikhundleni. Uma idatha etholwe kumsebenzisi icutshungulwa kumpikiswano yokuqala ye-Shell#[] noma izindlela zokuhlola ze-Shell# ezisetshenziselwa ukuhlola ubukhona befayela, umhlaseli angakwazi ukufeza ikholi yendlela ye-Ruby engafanele.
Ezinye izinkinga:
- - ukuchayeka kuseva ye-http eyakhelwe ngaphakathi Ukuhlasela okuhlukanisayo kwempendulo ye-HTTP (uma uhlelo lufaka idatha engaqinisekisiwe enhlokweni yempendulo ye-HTTP, unhlokweni ungahlukaniswa ngokufaka uhlamvu lomugqa omusha);
- ukufaka esikhundleni sohlamvu olungenalutho (\0) kulezo ezikhethwe ngokusebenzisa izindlela ze-βFile.fnmatchβ kanye βne-File.fnmatch?β. izindlela zefayela zingasetshenziswa ukuqalisa isheke ngamanga;
- - ukwenqatshwa kwesevisi kumojula yokuqinisekisa ye-Diges ye-WEBrick.
Source: opennet.ru