U-Greg Kroah-Hartman, onesibopho sokugcina igatsha elizinzile le-Linux kernel, unqume ukwenqabela ukwamukelwa kwanoma yiziphi izinguquko ezivela eNyuvesi yaseMinnesota zibe yi-Linux kernel, kanye nokuhlehlisa zonke iziqephu ezamukelwe ngaphambilini futhi azibuyekeze kabusha. Isizathu sokuvinjwa kwakuyimisebenzi yeqembu locwaningo elifunda ukuthi kungenzeka yini ukukhuthaza ubungozi obufihliwe kukhodi yamaphrojekthi womthombo ovulekile. Leli qembu lithumele amapeshi aqukethe izinhlobo ezahlukene zezimbungulu, labona ukusabela komphakathi, futhi lafunda izindlela zokukopela inqubo yokubuyekeza ukuze kube nezinguquko. NgokukaGreg, ukwenza ucwaningo olunjalo ukuze kwethulwe izinguquko ezinonya akwamukelekile futhi akulungile.
Isizathu sokuvinjwa ukuthi amalungu aleli qembu athumele isiqeshana esinezela isheke lesikhombi ukuze kuqedwe ukushayelwa kabili okungaba khona komsebenzi “wamahhala”. Njengoba kunikezwe umongo wokusetshenziswa kwesikhombi, isheke lalingenangqondo. Injongo yokuhambisa ipheshi bekuwukubona ukuthi ingabe ushintsho oluyiphutha luzodlula ekubuyekezweni ngabathuthukisi be-kernel. Ngaphezu kwalesi siqeshana, eminye imizamo yonjiniyela abavela eNyuvesi yaseMinnesota iye yavela yokwenza izinguquko ezingabazisayo ku-kernel, kuhlanganise naleyo ehlobene nokwengezwa kobungozi obufihliwe.
Umhlanganyeli othumele ama-patches uzame ukuziphendulela ngokuthi uhlola i-analyzer entsha ye-static futhi ukuguqulwa kwalungiswa ngokusekelwe emiphumeleni yokuhlolwa kuyo. Kodwa uGreg udonsele ukunaka eqinisweni lokuthi ukulungiswa okuhlongozwayo akukona okujwayelekile kumaphutha atholwe abahlaziyi abamile, futhi wonke amapheshana athunyelwe awalungisi lutho nhlobo. Uma kubhekwa ukuthi iqembu locwaningo okukhulunywa ngalo lizamile ukuphusha ama-patches ngobungozi obufihliwe esikhathini esedlule, kusobala ukuthi baqhubekile nokuhlola kwabo nomphakathi wokuthuthukisa i-kernel.
Kuyathakazelisa ukuthi esikhathini esidlule, umholi weqembu elenza izivivinyo wayehileleke ekubhaqweni okusemthethweni kobungozi, isibonelo, ukukhomba ukuvuza kolwazi kusitaki se-USB (CVE-2016-4482) kanye nohlelo olungaphansi lwenethiwekhi (CVE-2016-4485) . Ocwaningweni olumayelana nokusabalalisa ubungozi obuyimfihlo, ithimba elivela eNyuvesi yaseMinnesota licaphuna isibonelo se-CVE-2019-12819, ubungozi obudalwa yi-kernel patch ekhishwe ngo-2014. Ukulungiswa kwengeze ikholi ku-put_device kubhulokhi yokusingatha iphutha ku-mdio_bus, kodwa eminyakeni emihlanu kamuva kwavela ukuthi ukukhohlisa okunjalo kuholela ekufinyeleleni kubhulokhi yememori ngemuva kokuthi ikhululiwe (“use-after-free”).
Ngesikhathi esifanayo, abalobi bocwaningo bathi emsebenzini wabo bafingqa idatha kuma-patches angu-138 afaka amaphutha futhi ayengahlobene nabahlanganyeli bocwaningo. Imizamo yokuthumela amapheshana abo anamaphutha yayilinganiselwe ezincwadini ze-imeyili, futhi izinguquko ezinjalo azizange zingene ku-Git (uma, ngemva kokuthumela isiqeshana nge-imeyili, umnakekeli wayebheka lesi siqeshana njengesijwayelekile, wabe esecelwa ukuthi angalufaki ushintsho kusukela lapho. kube yiphutha, ngemuva kwalokho bathumela isiqeshana esilungile).
Ukwengeza 1: Ngokubheka umsebenzi wombhali wesiqephu esigxekiwe, ubelokhu ethumela ama-patches kuma-subsystem ahlukahlukene e-kernel isikhathi eside. Isibonelo, abashayeli be-radeon ne-nouveau basanda kwamukela izinguquko ngocingo oluya ku-pm_runtime_put_autosuspend(dev->dev) kubhulokhi yephutha, okungenzeka ukuthi ibangele ukuthi kusetshenziswe isigcinalwazi ngemva kokukhulula inkumbulo ehlobene nayo.
Isengezo sesi-2: U-Greg uhlehlisele emuva izibopho ezingu-190 ezihlotshaniswa ne-"@umn.edu" futhi waqala ukuzibuyekeza kabusha. Inkinga iwukuthi amalungu anamakheli athi "@umn.edu" awazange azame kuphela ukusunduza iziqephu ezingabazekayo, kodwa futhi anamathisele ubungozi bangempela, kanye nezinguquko ezihlehliswayo zingaholela ezinkingeni zokuphepha ezichibiyelwe ukuthi zibuye. Abanye abanakekeli sebezihlolile kabusha izinguquko ezibuyisiwe futhi abatholanga zinkinga, kodwa omunye wabanakekeli ubonise ukuthi enye yeziqephu ezithunyelwe kuye ibe namaphutha.
Source: opennet.ru