KU-SQLite DBMS (CVE-2019-5018), ekuvumela ukuthi usebenzise ikhodi yakho kusistimu uma kungenzeka ukusebenzisa umbuzo we-SQL olungiselelwe umhlaseli. Inkinga ibangelwa iphutha ekusetshenzisweni kwemisebenzi yewindi futhi ivela kusukela egatsheni . Ukuba sengozini kumagazini ka-April ngaphandle kokubalulwa okucacile kokulungisa izinkinga zokuphepha.
Umbuzo oklanywe ngokukhethekile we-SQL KHETHA ungaholela ekufinyeleleni kwememori ukusetshenziswa ngemva kokungena mahhala, okungenzeka kusetshenziselwe ukudala ukuxhashazwa ukuze kusetshenziswe ikhodi kumongo wohlelo lokusebenza olusebenzisa i-SQLite. Ukuba sengozini kungase kusetshenziswe uma uhlelo lokusebenza luvumela ukwakhiwa kwe-SQL okuvela ngaphandle ukuthi kudluliselwe ku-SQLite.
Isibonelo, ukuhlasela kungenzeka kwenziwe kusiphequluli se-Chrome nezinhlelo zokusebenza ezisebenzisa injini ye-Chromium, njengoba i-WebSQL API isetshenziswa ngaphezulu kwe-SQLite futhi ifinyelela le DBMS ukuze icubungule imibuzo ye-SQL evela kuzinhlelo zokusebenza zewebhu. Ukuze uhlasele, kwanele ukudala ikhasi elinekhodi ye-JavaScript enonya futhi uphoqelele umsebenzisi ukuthi alivule esipheqululini esisekelwe enjini ye-Chromium.
Source: opennet.ru