Remotely Exploitable Vulnerability in the Home Assistant Platform

A critical vulnerability (CVE-2023-27482) has been identified in the open home automation platform Home Assistant. It allows an attacker to bypass authentication and gain full access to the privileged Supervisor API, through which settings can be changed, software installed or updated, and add-ons and backups managed.

The problem affects installations that use the Supervisor component and has been present since its first releases (since 2017). For example, the vulnerability is present in Home Assistant OS and Home Assistant Supervised environments, but it does not affect Home Assistant Container (Docker) or manually created Python environments based on Home Assistant Core.

The vulnerability is fixed in Home Assistant Supervisor version 2023.01.1. An additional workaround is included in the Home Assistant 2023.3.0 release. On systems where the update cannot be installed, the vulnerability can be blocked by restricting access to the network port of the Home Assistant web service from external networks.
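The affected installation types and fixed versions above can be turned into a fleet triage check. This is an added example, not code from the Home Assistant project or the original article; the inventory field names and sample hosts are constructed, and treating any version suffix as a pre-release is an assumption.

```python
import re

# Versions and installation types below are the ones named in the article.
SUPERVISOR_FIXED = "2023.01.1"   # Supervisor release with the fix
CORE_WORKAROUND = "2023.3.0"     # Home Assistant release with the extra workaround
AFFECTED_TYPES = {"Home Assistant OS", "Home Assistant Supervised"}

_VERSION = re.compile(r"^(\d{4})\.(\d{1,2})\.(\d+)(.*)$")


def parse_version(text):
    """Turn 'YYYY.MM.patch[suffix]' into a comparable tuple.

    Months may be zero-padded ('2023.01.1'). Any suffix (e.g. 'b2', '.dev0')
    is assumed to mark a pre-release and sorts below the final release.
    """
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    year, month, patch, suffix = match.groups()
    return (int(year), int(month), int(patch), 0 if suffix else 1)


def at_least(version, minimum):
    return parse_version(version) >= parse_version(minimum)


def triage(host):
    """Classify one inventory record (hypothetical field names)."""
    if host["install_type"] not in AFFECTED_TYPES:
        return "not affected"
    if at_least(host["supervisor"], SUPERVISOR_FIXED):
        return "fixed"
    if at_least(host["core"], CORE_WORKAROUND):
        return "workaround only, update Supervisor"
    if host["exposed"]:
        return "vulnerable, restrict external access to the web port"
    return "vulnerable, update"


# Constructed sample inventory, not real systems.
INVENTORY = [
    {"name": "hub-a", "install_type": "Home Assistant OS", "supervisor": "2022.12.1", "core": "2023.2.5", "exposed": True},
    {"name": "hub-b", "install_type": "Home Assistant Supervised", "supervisor": "2023.03.1", "core": "2023.3.0", "exposed": True},
    {"name": "hub-c", "install_type": "Home Assistant Container", "supervisor": "", "core": "2022.11.0", "exposed": True},
]

if __name__ == "__main__":
    for host in INVENTORY:
        print(f'{host["name"]:8} {triage(host)}')
```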

Details of how the vulnerability is exploited have not yet been disclosed (according to the developers, about 1/3 of users have installed the update, and many systems remain vulnerable). In the fixed version, under the guise of optimization, changes were made to the handling of tokens and proxied requests, and filters were added to block the substitution of SQL queries, the insertion of " », and the use of paths containing «../» and «/./».

Source: opennet.ru
