Another 4 vulnerabilities in Ghostscript

Two weeks after the previous critical issue was found in Ghostscript, 4 more similar vulnerabilities have been identified (CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817). They allow the "-dSAFER" isolation mode to be bypassed by creating a reference to ".forceput". When specially crafted documents are processed, an attacker can gain access to the contents of the file system and execute arbitrary code on the system (for example, by adding commands to ~/.bashrc or ~/.profile). The fix is available as patches (1, 2). You can track the availability of package updates in distributions on these pages: Debian, Fedora, Ubuntu, SUSE/openSUSE, RHEL, Arch, ROSA, FreeBSD.

Recall that vulnerabilities in Ghostscript pose an increased risk, because this package is used in many popular applications to process the PostScript and PDF formats. For example, Ghostscript is called during desktop thumbnail creation, background data indexing, and image conversion. For a successful attack, in many cases it is enough simply to download a file containing the exploit or to browse a directory containing it in Nautilus. Vulnerabilities in Ghostscript can also be exploited through image processors based on the ImageMagick and GraphicsMagick packages, by passing them a JPEG or PNG file that contains PostScript code instead of an image (such a file will be processed by Ghostscript, because the MIME type is recognized from the content rather than from the extension).
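Because the handler is chosen from the content and not from the extension, an upload or thumbnailing pipeline can compare a file's leading bytes with what its name claims before passing it to an image processor. The following is an added example, not code from the original article or from any of the projects it names; the signature list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed signatures of formats an image pipeline may hand to Ghostscript.
GS_MAGIC = {
    b"%!": "PostScript/EPS",
    b"\x04%!": "PostScript (leading Ctrl-D)",
    b"%PDF-": "PDF",
    b"\xc5\xd0\xd3\xc6": "EPS with DOS binary header",
}
# Signatures the file extension promises.
IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
}

def classify(path):
    """Compare a file's leading bytes with what its extension claims."""
    expected = IMAGE_MAGIC.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return "skipped"
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, name in GS_MAGIC.items():
        if head.startswith(magic):
            return "reject: " + name
    return "ok" if head.startswith(expected) else "mismatch"

def demo():
    """Classify constructed sample files (harmless placeholder content)."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
        "icon.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
        "thumb.jpg": b"%!PS-Adobe-3.0\n% constructed sample\nshowpage\n",
        "scan.png": b"%PDF-1.4\n% constructed sample\n",
        "odd.jpeg": b"GIF89a",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = classify(path)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A check like this complements, and does not replace, installing the patched Ghostscript packages.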

Source: opennet.ru
