Adadin Labarai 1.9.0 shine sabon sigar dakin karatun da aka gina cikin shahararren shirin GNU Privacy Guard (GPG). Kamar yadda kuka sani, software ce mai amfani wacce zaku iya sa hannu kan bayanai, ɓoye fayiloli don kare su daga idanuwan wasu mutane, da dai sauransu. Kari akan haka, zaka iya zabar tsakanin nau'ikan boye-boye da kuma hanyoyin da ake samu.
Da kyau, wannan ɗakin karatun ya zama matsala, tunda sun sami lahani mai tsanani a ciki kuma hakan na iya kawo cikas ga tsaron wannan software. Bugu da ƙari, ba kawai ba ne amfani da GnuPGHakanan wasu software na ɓoye suna amfani dashi, don haka yana iya shafar wasu shirye-shiryen ta hanya ɗaya.
A kan jerin aikawasiku na ci gaba don wannan aikin, mai haɓaka bayan GnuPG da Libgcrypt, ya aika sakon fadakarwa game da wannan matsalar. Matsalar da take aiki na foran kwanaki, tun lokacin da aka saki Libgcrypt 1.9.0 a ranar 19 ga Janairu, 2021, wanda ke nufin cewa an haɗa shi a cikin sigar GnuPG 2.3.
Koch, mai haɓakawa, ba da farko ya tabbatar da asalin yanayin wannan matsalar ba, kawai an iyakance shi ne ga faɗakar da masu amfani da shi su daina amfani da wannan laburaren ɓoyewa kuma ta sanar da sabon sabuntawa don gyara wannan matsalar tsaro.
Amma 'yan kwanaki bayan haka, a ranar 26 ga Janairu, zai ba da ƙarin bayani game da wannan mawuyacin halin raunin da ke ci gaba ba tare da CVE ba. Wannan matsala ce da zata iya amfani da wani buffer ambaliya, wanda zai iya sa maharin ya iya samun damar bayanan ba tare da wata tabbaci ko sa hannu ba, wanda ya shafi.
Amma ga wanda ya gano wannan matsalar, mai binciken ne Tavis Ormandy daga Zero na Google. Kuma, kamar yadda muka koya, kawai yana shafar Libgcrypt 1.9.0 version, kuma ba wasu juzu'i ba.
Idan kana daga cikin wadanda abin ya shafa wadanda suke da wannan sigar wannan dakin karatun, zaka iya samun dama a nan, tunda akwai wani sabon juzu'i da facin yake warware shi. Yana da Libgcrypt 1.9.1.