Security alert: bug in sudo, CVE-2017-1000367

There is a serious vulnerability in the well-known sudo tool. It stems from a bug in the tool's code that allows any user with a shell session (even with SELinux enabled) to escalate privileges to root. The problem lies in the way sudo parses the contents of /proc/[PID]/stat when trying to determine the terminal.

The bug is specifically in the get_process_ttyname() call in sudo for Linux, which opens the aforementioned /proc entry to read the tty device number from the tty_nr field. This vulnerability, catalogued as CVE-2017-1000367, can be exploited to gain privileges on the system, as I said, so it is critical and affects many well-known distributions. But don't be alarmed, we will now tell you how to protect yourself...
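The comm field of /proc/[PID]/stat is wrapped in parentheses and may itself contain spaces, so counting space-separated fields to reach tty_nr (field 7) is unreliable. The following is an added example, not sudo's code or code from the original page: it contrasts that naive count with a parser anchored on the last ')'. The function names and the sample stat lines are constructed for illustration.

```c
/* Added example, not sudo's code: read tty_nr (field 7) from a
 * /proc/[pid]/stat line without being confused by spaces in comm.
 * Function names and sample lines are hypothetical/constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Naive: count space-separated fields. Wrong when comm contains spaces. */
long tty_nr_naive(const char *stat_line)
{
    char buf[512];
    int field = 0;
    snprintf(buf, sizeof buf, "%s", stat_line);
    for (char *tok = strtok(buf, " "); tok != NULL; tok = strtok(NULL, " "))
        if (++field == 7)
            return strtol(tok, NULL, 10);
    return -1;
}

/* Robust: comm ends at the LAST ')'. Skip past it and read the fixed
 * fields that follow: state ppid pgrp session tty_nr. */
long tty_nr_robust(const char *stat_line)
{
    const char *p = strrchr(stat_line, ')');
    char state;
    long ppid, pgrp, session, tty_nr;
    if (p == NULL)
        return -1;                      /* malformed line: refuse to guess */
    if (sscanf(p + 1, " %c %ld %ld %ld %ld",
               &state, &ppid, &pgrp, &session, &tty_nr) != 5)
        return -1;
    return tty_nr;
}

/* Constructed sample lines, truncated after the fields of interest.
 * 34816 = major 136, minor 0, i.e. /dev/pts/0. */
const char *STAT_PLAIN  = "4242 (bash) S 4100 4242 4242 34816 4242 4194304";
const char *STAT_SPACED = "4243 (Web Content) S 4100 4243 4242 34816 4243 4194304";

int main(void)
{
    printf("plain : naive=%ld robust=%ld\n",
           tty_nr_naive(STAT_PLAIN), tty_nr_robust(STAT_PLAIN));
    printf("spaced: naive=%ld robust=%ld\n",
           tty_nr_naive(STAT_SPACED), tty_nr_robust(STAT_SPACED));
    return 0;
}
```

With the second sample line the naive count returns the session ID instead of the tty device number, while the anchored parser returns the same value for both lines.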

The affected distributions are:

  1. Red Hat Enterprise Linux 6, 7 and Server
  2. Oracle Enterprise 6, 7 and Server
  3. CentOS Linux 6 and 7
  4. Debian Wheezy, Jessie, Stretch, Sid
  5. Ubuntu 14.04 LTS, 16.04 LTS, 16.10 and 17.04
  6. SuSE Linux Enterprise Software Development Kit 12-SP2, Server for Raspberry Pi 12-SP2, Server 12-SP2 and Desktop 12-SP2
  7. OpenSuSE
  8. Slackware
  9. Gentoo
  10. Arch Linux
  11. Fedora

Therefore, you must patch or update your system ASAP if you run any of these systems (or their derivatives):

  • For Debian and derivatives (Ubuntu, ...):
sudo apt update

sudo apt upgrade

  • For RHEL and derivatives (CentOS, Oracle, ...):
sudo yum update

  • On Fedora:
sudo dnf update

  • SuSE and derivatives (OpenSUSE, ...):
sudo zypper update

  • Arch Linux:
sudo pacman -Syu

  • Slackware:
upgradepkg sudo-1.8.20p1-i586-1_slack14.2.txz

  • Gentoo:
emerge --sync

emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.20_p1"


  1.   fedu m

    Which one would be used for Archlinux and earlier?

    1.    Ishaku PE m

      Hello,

      There was an error inserting the code. You can see it now.

      Regards, and thanks for the heads-up.

  2.   fernan m

    Hello
    Well, for Arch and derivatives: sudo pacman -Syyu
    Thanks.

  3.   lorabian m

    So that is why sudo was updated ... anyway, the dangerous part is that nobody knows who, apart from the person who found the bug now, also knew about it. And that can be dangerous.